Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Featured Blog

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 5

Now that we understand how monitoring authentication patterns and authentication-based attacks can lead to an overwhelming amount of data, which prevents any meaningful analysis, we can focus on our fifth and final challenge of monitoring critical systems.

Challenge 5 – Permission Changes and Object Changes

Some of the most important changes to monitor within Active Directory are the changes to the security of the containers and objects. Permissions control who can elevate privile…

Advanced Data Security Features for Azure SQL- Part 2: Vulnerability Assessment

Farrah Gamboa

In my last blog post, we took a look at the Data Discovery & Classification features within the Advanced Data Security (ADS) offering for Azure SQL. In this blog post, we will take a deep dive into the Vulnerability assessment. The SQL Vulnerability assessment provides administrators with a streamlined approach to identify and even remediate potential security misconfigurations or vulnerabilities within their Azure SQL databases. The Vulnerability Assessment is a scanning service that…

Microsoft Teams Quick Admin Guide to Collaborating Safely with External Users

According to a study conducted by Mio, 91% of businesses use at least two messaging apps, of which Slack and Microsoft Teams are present in 66% of the organizations surveyed. Teams adoption has been growing quickly due to its interoperability with the rest of the Office 365 suite, which makes collaborating easier than ever. While collaboration is great, security is a major concern for organizations that are still considering the move to Teams from Slack, Skype, etc. The great double-edged sword…

ProTip: Using the AIC to Identify Employees Attempting to Access Data They Shouldn’t Be

Breaches are an everyday occurrence. IT security professionals work tirelessly to protect against attackers penetrating their organization’s IT infrastructure, but what about the malicious insider? Do you ever wonder if users in your organization are poking around where they shouldn’t be? An easy way to investigate, using out-of-the-box capabilities aligned with StealthAUDIT 9.0 and our Access Information Center (AIC), is to leverage the activity information available via Stealthbits Te…

Advanced Data Security Features for Azure SQL- Part 1: Data Discovery & Classification

Azure SQL provides DBAs with an easy and efficient means of standing up relational database services for their cloud and enterprise applications. As with any database platform, security remains a top concern and has not been overlooked by Microsoft, given the variety of security features available in Azure SQL, including those offered through the Advanced Data Security package. The Advanced Data Security package for Azure SQL provides administrators with a single go-to location for discove…

Using CTFTOOL.exe to escalate privileges by leveraging Text Services Framework; and mitigation processes and steps

Joe Dibley

Overview

In this post, I will be looking at a new exploit that leverages a weakness in Microsoft Windows Text Services Framework to launch a child process that allows for the escalation of privileges. I will give a brief overview of what the Text Services Framework service does, what the exploit is, and how it could be used. Then, I will go into more detail about how to run the exploit and different methods that can be used for detection and mitigation of the exploit.

What is the Text S…

What are FSMO Roles in Active Directory?

Active Directory allows object creations, updates, and deletions to be committed to any authoritative domain controller. This is possible because every Active Directory domain controller maintains a writable copy of its own domain’s partition – except, of course, Read-Only Domain Controllers. After a change has been committed, it is replicated automatically to other domain controllers through a process called multi-master replication. This behavior allows most operations to be processed relia…

Understanding Passwords and Their Problems

Kevin Joyce

What’s The Problem?

Today, with the Internet, social media, personal computers, online banking and everything else that exists, end-users need to create and maintain a large number of usernames and passwords for all of the accounts they have. This begins to create a problem. The many accounts we need to remember lead us to want to share passwords between different platforms, potentially including our work accounts. This is just one of the few contributors to the many password problems tha…

15 Cases for File Activity Monitoring: Part 3

Today, we continue our discussion on real-life use cases for STEALTHbits file activity monitoring solutions. The cases outlined in the previous blog post provided examples of malicious access by internal users, administrators, and external bad actors.

Case 11: Stale File Clean-Up

Knowing which files are being actively accessed helps identify stale data for removal from active management, reclaiming storage space and reducing an organization’s risk surface. The file activity monitor a…

How to Protect Office 365 by Classifying Your Data with Microsoft’s AIP Labels

Azure Information Protection labels, or AIP labels, can be created and applied to documents and emails. These labels can be used to classify content based on what the data is and how sensitive it is. This approach is extremely powerful when properly implemented, as it provides security on your data even after it leaves your environment (if the label allows it to). In this post, I’ll walk through setting up Azure Information Protection to use labels to classify and protect your content. Suppor…


© 2022 Stealthbits Technologies, Inc.
