Securing gMSA Passwords
Abusing gMSA Passwords to Gain Elevated Access
gMSA Recap
If you’re not familiar with Group Managed Service Accounts (gMSA), you can review my last post which gave a high-level overview of how they work. In case you need a quick recap, a gMSA is a special Active Directory object used for securely running automated tasks, services and applications. The most important thing to note about these accounts, which plays into to their increased security, is the automatically generate…
Passwordless Authentication with Windows Hello for Business
Passwords are everywhere and nobody likes them. Not only are they a pain to remember and manage, but they also continue to be a primary source of data breaches. This affects companies whether they are storing their data in the cloud or on-premises. According to the 2020 Verizon DBIR, 77% of cloud breaches involved stolen and compromised credentials.
Clearly, passwords aren’t great and there are better ways of doing things. Smartphones and tablets have moved away from passwords…
Data Security vs Data Privacy
Data is quite possibly the most critical asset within any organization and is at the heart of most, if not all, cyberattacks. Organizations struggle to implement the appropriate processes to ensure data is being protected from both internal and external threats. When talking about protecting data, Data Security and Data Privacy go hand in hand. In order to ensure data privacy, the appropriate data security controls need to be in place. It’s important to understand the difference between thes…
Back to “The Basics” Blog Series – Part 3: Privileged Access
Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya”
Part 3 – Privileged Access
This is the final installment of a three-part series on Maersk, me, & notPetya, a blog post by Gavin Ashton about his experiences responding to and recovering from the NotPetya ransomware outbreak at Maersk. If you’ve missed Part 1 or Part 2, give them a quick read!
At the root of this attack, and so many before it lies…
Public Roles in Oracle
Roles in relational databases make it easier to grant and revoke privileges from multiple users at once. Multiple users can be grouped into one or more roles in a database. Rather than revoking or granting a privilege to a user or a group of users, the privilege can be granted or revoked from the ROLE. While users can create their own roles and assign one or more privileges to the roles, most databases come with a pre-defined role called PUBLIC.
In this blog, I will try to exp…
How to Use Native SharePoint Online and OneDrive Activity Auditing
If you are a security analyst, engineer, admin, or otherwise responsible for protecting the personal and private data of employees and customers – the following 3 statistics should frighten you.
The frequency of insider threats incidents has increased by 47% in the past two years – the Ponemon Institute Disgruntled employees rank in the top 5 contributors for insider data breaches according to Verizon. Somewhere between 20 and 30 mi…
Back to “The Basics” Blog Series – Part 2: Active Directory
Part 2 – Active Directory
This is the second part of a three part series on Maersk, me, & notPetya, a blog post by Gavin Ashton about his experiences responding to and recovering from the NotPetya ransomware outbreak at Maersk.
Not everyone realizes that in the last several years ransomware has made significant advances in its ability to not just infect a single computer, but to also pivot from that computer and infect other workstations and servers. Following a common pattern…
PROTIP: Policy Registration & Managing StealthINTERCEPT via PowerShell and Editing StealthDEFEND Investigations & Categorizing Playbooks
There are actually four (4) ProTips in this blog (Click below to go to one you want):
Multiple Policy Registration in StealthINTERCEPTManaging StealthINTERCEPT via PowerShellEditing StealthDEFEND Investigations the Lazy WayCategorize StealthDEFEND Playbooks to Reduce Clutter
Multiple Policy Registration in StealthINTERCEPT
The capability has long existed in StealthINTERCEPT to have a single policy with multiple event registrations. There are particular situations when you need…
Stealthbits Detects More Threats & Reduces Attacker Dwell Time with New Capabilities
Cyberattacks and data breaches are simply too common, with nearly 4,000 confirmed data breaches reported in the latest 2020 Verizon Data Breach Investigations Report. Recent news demonstrates Active Directory (AD) is under heavy attack from adversaries of all types, including nation-state sponsored and organized cybercriminal groups alike.
June 17, 2020 – North Korea’s state hackers caught engaging in BEC scams
“We found that the attackers queried the AD (Active Direct…
What Is Kerberos?
What is it?
Kerberos is an authentication protocol enabling systems and users to prove their identity through a trusted third-party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT, Digital Equipment Corporation, and IBM to build a distributed computing enviro…
