

And other things that keep you up at night


Browsed By
Category: Uncategorized


How Attackers are Stealing your Credentials with Mimikatz – Insider Threat Podcast #6

In our sixth edition of the Insider Threat Podcast, once again we spoke with our resident white hat hacker, Jeff Warren. Jeff has just finished another in our ongoing blog series about insider attacks on Active Directory (AD). This time, the focus was the Mimikatz toolkit and all the ways it’s being used to exploit weaknesses in AD. You can find out more in the main series of blog posts about Mimikatz attacks as well as supplementary posts covering Skeleton Key, changing passwords, DCSYNC and…

Defending Against Active Directory Botnets

Active Directory Enterprise Attack Vectors

Active Directory (AD) enterprise attack vectors continue to get a lot of attention from security researchers. If history is our guide, it is only a matter of time before we see more active exploits in the wild. I sat in on Ty Miller and Paul Kalinin’s Black Hat presentation, “The Active Directory Botnet” this year and they unveiled a novel way to use, or more accurately abuse, Active Directory user attributes to create a communication channel betw…

Black Hat Roundup – Insider Threat Podcast #5

In our fifth edition of the Insider Threat Podcast, we caught up with Gabriel Gumbs who has just spent the week at Black Hat 2017. Gabriel is the STEALTHbits VP of Product Strategy and his mission was to meet with some of our customers and partners at the show as well as bring back any interesting exploits and vulnerabilities that were on display for us to chew on. He certainly found a few. There were, of course, the usual set of topics that have been mainstays for years. Security for cloud an…

The Value of the Active Directory Attack Blog Series

Active Directory Attack Blog Series

Spending time with customers in Texas last week left me speechless – literally. One customer asked me a question for which I was not prepared. They have been following our Active Directory attack blog series. They found it very interesting, but they had one major question. Why should they spend so much time thinking about what attackers do? If they spend all their time creating good security programs and practices, isn’t that the best they can do? I have …

Understanding the Impact of NYCRR 500

In our third edition of the Insider Threat podcast, we turn from the bad guys attacking you to auditors attacking you. That’s a joke, but I know it does reflect the way it can feel sometimes. Many folks will ignore NYCRR 500 because they see “NYC” and think that means it isn’t about them, or they know it is being put out there by the New York State Department of Financial Services (DFS) and think that means it will not apply to them since they are not a financial. The scope of NYCRR 500 is li…

See a File Activity Monitor Demo without Leaving Your Desk

File Activity Monitoring

Organizations spend thousands, if not millions of dollars, on their data storage infrastructure. However, many lack visibility into file activity on Network-attached storage (NAS) devices like NetApp, Dell EMC, and Hitachi—as well as Windows devices. This is because native auditing can present challenges like configuration complexity, undifferentiated events, and performance issues. As a result, companies are unable to answer basic questions like: Who moved, delete…

Security at the New Perimeter

During the Cloud Identity Summit 2017 keynote, there was a predictable discussion about the state of our deteriorating security perimeter. Given this is the year’s premier identity event—and that the speaker was Ping Identity’s CEO—you may expect to hear the now ubiquitous meme: “Identity is the new perimeter.” That is not what we heard, though. I want to quote what he said exactly and spend some time breaking it down. His quote is: “Our perimeter isn’t disappearing – it’s shrinking…and if y…

Podcast: Service Account Attacks & How To Prevent Them

Service accounts are undermanaged and overprivileged. Being pushed along by application groups annoyed that they need to deal with any process at all, security or helpdesk folks simply make an account, give it rights, and get it in the hands of the application folks. The application team thinks the account is controlled like any other, but that’s wrong most of the time. The folks in charge of the directories think the application or security team are giving the service accounts special atten…

Gain Visibility into the Most Important Activity on Your Network with File Activity Monitoring

File Activity Monitoring

With Russia’s suspected hacking of the U.S. elections still in the news, our office conversation turned to the topic of Edward Snowden. One of our executives commented that even with the billions the government spent on cybersecurity—including technologies like User and Entity Behavior Analytics (UEBA)—officials still don’t know exactly what information Snowden took. I mention this conversation because we’ve recently had a number of organizations, as well as partners…

Podcast: How to Stop Active Directory Attacks

We have just done the first episode of our Insider Threat podcast, and it was a little scary. I’m no stranger to doing a show; so that wasn’t scary. What was frightening is how easily the bad guys can exploit our Active Directory and Microsoft platforms. I sat down with Jeff Warren, who wrote our recent blog series, 4 Active Directory Attacks and How to Prevent Them, and asked him how difficult it was to find and deploy the attacks he described. Now, I know it isn’t hard to find ways to explo…




© 2022 Stealthbits Technologies, Inc.
