Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six-times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-ready, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
IT Pros

Adventures in Malware-Free Hacking, Part II

I’m a fan of the Hybrid Analysis site. It’s kind of a malware zoo where you can safely observe dangerous specimens captured in the wild without getting mauled. The HA team runs the malware in safe sandboxes and records systems calls, file created, and internet traffic, displaying the results for each malware sample. So you don’t have to necessarily spend time puzzling over or even, gulp, running the heavily obfuscated code to understand the hackers’…
Data Security

[Podcast] The Security of Legacy Systems

It’s our first show of 2018 and we kicked off the show with predictions that could potentially drive headline news. By doing so, we’re figuring out different ways to prepare and prevent future cybersecurity attacks. What’s notable is that IBM set up a cybersecurity lab, where organizations can experience what it’s like go through a cyberattack without any risk to their existing production system. This is extremely helpful for companies with legacy systems that might…
Data Security

The Difference Between Data Governance and IT Governance

Lately, we’ve been so focused on data governance, extracting the most value from our data and preventing the next big breach, many of us have overlooked IT governance fundamentals, which help us achieve great data governance. The source of some of the confusion is that data and IT governance have very similar and interdependent goals. Broadly speaking, both processes aim to optimize the organization’s assets to generate greater business value for the organization. Since IT…
Data Security, Varonis News

Introducing Varonis Data Security Platform 6.4.100: Varonis Edge, GDPR Thre...

It’s the beginning of a new year, and we have a huge new beta release to share with you.  The beta release of the Varonis Data Security Platform 6.4.100 dropped earlier this month, and I wanted to share a few highlights: Varonis Edge We announced Varonis Edge back in November, and we’re excited for you to try it.  After over a decade of protecting core data stores, we’re extending that same data security approach to…
Data Security

Add Varonis to IAM for Better Access Governance

Managing permissions is a colossal job fraught with peril, and over-permissive folders are the bane of InfoSec and a hacker’s delight. Many organizations employ IAM (Identity Access Management) to help manage and govern access to applications and other corporate resources. One of the challenges that remains after implementing an IAM solution, however, is how to apply its principles to unstructured data. IAM may be able to help you manage group memberships in Active Directory, but…
Data Security

Adventures in Malware-Free Hacking, Part I

When I first started looking into the topic of hackers living off the land by using available tools and software on the victim’s computer, little did I suspect that it would become a major attack trend. It’s now the subject of scary tech headlines, and security pros are saying it’s on the rise. It seems like a good time for a multi-part IOS blog series on this subject. Known also as file-less or zero-footprint attacks, malware-free…
Data Security

How to use PowerShell Objects and Data Piping

This article is a text version of a lesson from our PowerShell and Active Directory Essentials video course (use code ‘blog’ for free access). The course has proven to be really popular as it walks you through creating a full Active Directory management utility from first principles. What makes a PowerShell Object? If there’s one thing you fundamental difference between PowerShell and other scripting languages that have come before, it’s PowerShell’s default use of Objects…
Data Security

Our Most Underappreciated Blog Posts of 2017

Another year, another 1293 data breaches involving over 174 million records. According to our friends at the Identity Theft Resource Center, 2017 has made history by breaking 2016’s record breaking 1091 breaches. Obviously it’s been a year that many who directly defend corporate and government systems will want to forget. Before we completely wipe 2017 from our memory banks, I decided to take one last look at the previous 12 months worth of IOS posts.  While…
Data Security

How To Get Started with PowerShell and Active Directory Scripting

Build a Full PowerShell Utility This article is a text version of a lesson from our PowerShell and Active Directory Essentials video course (use code ‘blog’ for free access). The course has proven to be really popular as it walks you through creating a full Active Directory management utility from first principles. Coding With PowerShell It can be hard to get started with PowerShell, especially if over the years you’ve become accustomed to working with…
Data Security, Privacy

The Difference Between Data Security and Privacy

Repeat after me, data security is not privacy. Privacy is also not data security. These two terms are often used interchangeably, but there are distinct differences as well as similarities. Yes, data security and privacy have a common goal to protect sensitive data. But they have very different approaches for achieving the same effect. Data security focuses on protecting the data from theft and breaches. Whereas privacy governs how data is being collected, shared and…
Data Security

[Podcast] Who is in Control? The Data or Humans?

Self-quantified trackers made possible what was once nearly unthinkable: for individuals to gather data on one’s activity level in order to manage and improve one’s performance. Some have remarked that self-quantified devices can hinge on the edge of over management. As we wait for more research reports on the right dose of self-management, we’ll have to define for ourselves what the right amount of self-quantifying is. Meanwhile, it seems that businesses are also struggling with…
Data Security

Our 2018 Cybersecurity Predictions

Looking back, 2017 had all the twists and turns of a good disaster movie. Hackers steal and leak the NSA’s powerful exploit kit that’s then unleashed on the world through a Dr. Evilish ransomware-worm hybrid.  Later, a top U.S. credit reporting agency discloses a breach involving the social security numbers of 143 million Americans. Meanwhile, a $1.8 billion legal battle is being waged between two tech giants over stolen software for self-driving cars. In the…