Microsoft recently updated their guidance for organisations. The guidance includes some significant changes to how organizations should approach privileged access, so Stealthbits (now part of Netwrix) is here to provide advice and guidance on what this means for you.
Tiered access model and the red forest
To protect our most privileged credentials, for the last several years Microsoft has described using the tiered access model (TAM), coupled with the Enhanced Security Admin Environment…
Understanding the Risk of Active Directory Permissions and Shadow Access
I recently covered the topic of Active Directory permissions by giving an overview on how to apply them and view what already exists in your organization. In this blog, I’ll be taking a deeper dive into Active Directory permissions, outlining potential risks that exist when certain permissions are applied to certain objects.
Why Do Active Directory Permissions Create Risk?
So how do Active Directory permissions …
Active Directory Delegated Permissions Overview
The importance of Active Directory permissions cannot be overstated: the capability for users to write and perform certain actions against your Active Directory can lead to unintended changes, unnecessary risk for attack vectors and lateral movement, or total domain compromise. In this blog, I’ll be going over, at a high level, how Active Directory permissions are applied, and how to view them natively. In the future, I’ll be covering how to…
It’s often helpful to know which Active Directory groups your current user is a member of when joined to a domain. That information is typically easy to obtain; however, you need to know where to look.
For many, having a graphical UI is helpful for any task. While this isn’t the quickest way to locate your AD group membership, it’s the best way if you want to avoid the command line (i.e. PowerShell or Command Prompt).
Let’s discuss several methods to achieve our goal, including via the U…
The Linux operating system has come a long way since 1991 when it was first introduced by Linus Torvalds as a free operating system. Today, some form of Linux is used in devices ranging from high-end servers to IoT devices. More often than not, common database platforms such as Oracle, PostgreSQL, MySQL, and MongoDB are deployed on servers running Linux. One notable exception was the Microsoft SQL Server. That changed recently after Microsoft announced support for Linux sta…
This blog uses apt commands in its examples (for Debian-based distros like Ubuntu, Kali, Mint, etc.); however, the examples have also been tested with yum/dnf commands (for RPM-based distros like CentOS, Red Hat, Fedora, openSUSE, etc.).
A Very Brief Summary of Linux With Active Directory
When joining a Linux host to Active Directory (AD), two components are required. The first component handles the central identity and authentication source. In this case, that’s Active Directory. The secon…
Part 2 – Active Directory
This is the second part of a three-part series on Maersk, me, & notPetya, a blog post by Gavin Ashton about his experiences responding to and recovering from the NotPetya ransomware outbreak at Maersk.
Not everyone realizes that in the last several years ransomware has made significant advances in its ability to not just infect a single computer, but to also pivot from that computer and infect other workstations and servers. Following a common pattern …
Kerberos is an authentication protocol enabling systems and users to prove their identity through a trusted third-party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT, Digital Equipment Corporation, and IBM to build a distributed computing environmen…
What is Changing?
In March, Microsoft will be releasing a patch that includes new audit events, additional logging, and some changes to group policy settings. Later in 2020, Microsoft will be changing the behavior of the default values for LDAP channel binding and signing. They’re making these changes because the current default settings allow for a potential man-in-the-middle attack that can lead to privilege escalation. This means, once the default settings are changed, that any new doma…
Discovery Solution for Microsoft’s March 2020 Update
Lightweight Directory Access Protocol (LDAP) – How did we
20 years ago, I embarked on the fantastical journey that was migrating from NT4 to Active Directory. This is also when I began learning the power of LDAP. While it was technically available, very few companies implemented secure LDAP in the early days. Most enterprise applications or internal applications took advantage of the directory (and in a wide variety of ways)…