Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-read, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Data Security

Most Popular Infosec Quotes of the Year

In 2017, we’ve interviewed many privacy experts, chief data officers, security pros and learned so much about the real world. Because we’ve covered so much, I’ve curated the most popular infosec quotes so that we can revisit their sage advice and strategies. Let the ideas simmer so that we can enter 2018 with a stronger vision and execute our ideas smoothly. Enjoy! 1. Yes to diversity and skill set Hire for diversity or for skill…
IT Pros

DNSMessenger: 2017’s Most Beloved Remote Access Trojan (RAT)

I’ve written a lot about Remote Access Trojans (RATs) over the last few years. So I didn’t think there was that much innovation in this classic hacker software utility. RATs, of course, allow hackers to get shell access and issue commands to search for content and then stealthily copy files. However, I somehow missed DNSMessenger, a new RAT variant that was discovered earlier this year. The malware runs when the victim clicks on a Word doc…
Data Security

Automating Permissions Cleanup: An In-Depth ROI Analysis

Implementing a least privilege model can be time-consuming and expensive, but it is important in any data security strategy. The Varonis Automation Engine helps you automate the process, and drastically reduces the time required to get there. Previously, we discussed automating data access requests to achieve incredible ROI by cutting down on help desk tickets. We also briefly mentioned the enormous amount of work involved in finding and fixing global access–a task which can drastically reduce the risk…
Data Security

Data Security 2017: We’re All Hacked

Remember more innocent times back in early 2017? Before Petya, WannaCry, leaked NSA vulnerabilities, Equifax, and Uber, the state of data security was anything but rosy, but I suppose there were more than a few of us left — consumers and companies — who could say that security incidents did not have a direct impact. That has changed after Equifax’s massive breach affecting 145 million American adults — I was a victim — and then…
Data Security

Have I Been 2 Testify Before Congress

Troy Hunt, creator of HaveIBeenPwned and Varonis partner, testified before the US Congress to talk about data breaches and cybersecurity: he gave context and recommendations about the recent spate of massive data breaches, and what Congress can do to help protect both the privacy and digital assets of its citizens. This testimony couldn’t have come at a better time – just as it came to light that a previously undisclosed Uber data breach had…
Data Security

[Podcast] Security and Privacy Concerns with Chatbots, Trackers, and more

The end of the year is approaching and security pros are making their predictions for 2018 and beyond. So are we! This week, our security practitioners predicted items that will become obsolete because of IoT devices. Some of their guesses – remote controls, service workers, and personal cars. Meanwhile, as the business world phases out old technologies, some are embracing the use of new ones. For instance, many organizations today use chatbots. Yes, they’ll help…
Compliance & Regulation, Data Security

New Survey Reveals GDPR Readiness Gap

With just a few months left to go until the EU General Data Protection Regulation (GDPR) implementation deadline on May 25, 2018, we commissioned an independent survey exploring the readiness and attitudes of security professionals toward the upcoming standard. The survey, Countdown to GDPR: Challenges and Concerns, which polled security professionals in the UK, Germany, France and U.S., highlights surprising GDPR readiness shortcomings, with more than half (57%) of professionals still concerned about compliance. Findings…
Compliance & Regulation

[Video] Varonis GDPR Risk Assessment

Are you ready for GDPR? According to our survey of 500 IT and risk management decision makers, three out of four are facing serious challenges in achieving compliance when GDPR becomes effective on May 25, 2018. Varonis can help. A good first step in preparing for GDPR is identifying where EU personal data resides in the file system, and then checking that access permissions are set appropriately. But wait, EU personal data identifiers span…
Data Security

Interview With Wade Baker: Verizon DBIR, Breach Costs, & Selling Board...

Wade Baker is best known for creating and leading the Verizon Data Breach Investigations Report (DBIR). Readers of this blog are familiar with the DBIR as our go-to resource for breach stats and other practical insights into data protection. So we were very excited to listen to Wade speak recently at the O’Reilly Data Security Conference. In his new role as partner and co-founder of the Cyentia Institute, Wade presented some fascinating research on the…
Compliance & Regulation

Do Your GDPR Homework and Lower Your Chance of Fines

Advice that was helpful during your school days is also relevant when it comes to complying with the General Data Protection Regulation (GDPR): do your homework because it counts for part of your grade! In the case of the GDPR, your homework assignments involve developing and implementing privacy by design measures, and making sure these policies are published and known about by management. Taking good notes and doing homework assignments came to my mind when…
Data Security

[Podcast] The Challenges and Promise of Digital Drugs

Recently the Food and Drug Administration approved the first digital pill. This means that medicine embedded with a sensor can tell health care providers – doctors and individuals the patient approves – if the patient takes his medication. The promise is huge. It will ensure a better health outcome for the patient, giving caretakers more time with the ones they love. What’s more, by learning more about how a drug interacts with a human system,…
Compliance & Regulation

[Podcast] Privacy Attorney Tiffany Li and AI Memory, Part II

Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties of getting AI to forget. In this second part, we continue our discussion of GDPR and privacy, and examine ways to bridge the gap between tech and law. We then explore…