What is Kerberos Delegation? An Overview of Kerberos Delegation
Kerberos Delegation and Usage
Kerberos delegation has been around for a long time (Windows Server 2000 to be exact), but more often than not, when speaking to engineers who manage or work with Active Directory, they’re not familiar with all the various implementations of Kerberos delegation, their uses, and some ways they can be abused. What I find funny, is that most people confuse Kerberos delegation with delegated permissions.
The practical usage of Kerberos delegation is to enable a…
Cybersecurity Predictions for 2020
It’s that time of the year again! As we roll into 2020 we’re
proud to present our 4th edition of “STEALTHbits’ Experts
Cybersecurity Predictions.”
We asked eight of our top industry voices here at STEALTHbits their thoughts on what’s to come in the world of cybersecurity in the next 365 days! Read on and come back at the start of 2021 to see how we did.
Ransomware Will Continue To Wreak Havoc Using the Same Old Tricks
Ransomware attacks will continue to impact organizations causing s…
How to Harden your SharePoint Online Environment by Disabling Legacy Authentication
Allowing legacy authentication to your SharePoint online tenant unnecessarily exposes it to a number of attacks and exploits that you can easily avoid by simply disabling legacy authentication to your tenant. Microsoft has made it clear that all roads lead to the cloud, and with that Azure Active Directory has become an even more critical piece as the identity provider to O365. Microsoft has introduced a number of security-focused features into its cloud platform over the last couple of years…
How to Identify Phishing Scams and Protect Against Them
Phishing scams are a very common technique used by identity
thieves to trick you into giving them your sensitive personal or financial
information. Thieves will often impersonate actual companies like credit card
companies, banks or online resources such as PayPal or Dropbox. It is a
challenge to recognize what is real and what isn’t but there are a few things
you can do to make yourself/your organization less susceptible to this type of
scam.
Traditional Approach
Before we discuss a no…
Key Requirements of the NY SHIELD Act and How to be Compliant
As more and more attacks are occurring each year with a record 4.1 billion records breached in just the first half of 2019, according to Forbes– data security regulation is becoming more of a priority. Just as we suspected with the signing of the GDPR regulation in the EU, similar regulation has sprung up in the U.S with the CCPA on the west coast in California and most recently spreading to the east coast in New York with the signing of the ‘Stop Hacks and Improve Electronic Data Security’ o…
Using The Azure Information Protection (AIP) Scanner to Discover Sensitive Data
Azure Information Protection (AIP) is Microsoft’s solution to classify, label, and protect sensitive documents. The AIP scanner runs as a Windows service and can be used to protect on-premise documents within the following data stores:
Local Folders where the scanner service
is configuredNetwork shares that use the SMB
protocolDocument Libraries and Folders for
SharePoint 2013-SharePoint 2019
Figure 1: AIP Scanner Architecture
By default, the AIP scanner client uses Windows IFilters …
Protip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for SQL
Now that you have been using StealthAUDIT for SQL for a while, you might be wondering how to squeeze more value out of the product by enhancing the information it is collecting and reporting on.
StealthAUDIT for SQL relies on native SQL server auditing
capabilities to collect and report on user activity, as well as successful or
unsuccessful server or database logon activity. As a result, you will need to adjust some
additional configuration options within SQL to ensure you ca…
Redefining How Privileged Access is Granted – Stealthbits Privileged Activity Manager 1.3
Privileged access will always appeal to cyber attackers because of the access rights associated with these accounts. Despite significant investments in Privileged Access Management (PAM) technologies, privileged accounts are still massively overexposed. Traditional PAM providers have focused on controlling access to accounts and their passwords, not on the activities that need to be performed.
Go Vault-less
Ephemeral (temporary) Account Support = No Standing Privileges
Many PAM vendo…
What is Azure Active Directory?
High-Level Overview of Azure AD
If you’re reading the Insider Threat Security Blog, I’m sure you’re familiar with Active Directory. We’ve covered many topics with on-premise Active Directory: from clean-up to advanced attacks and threat detection. But what about Azure Active Directory? Has your organization started to march into the cloud and begun the migration process? Perhaps you’re just looking to wrap your head around what Microsoft has to offer. STEALTHbits is here to help.
Azure …
Fun with Active Directory’s AdminCount Attribute
This blog post is part of a series about Active Directory
attributes with values or behaviors that can be easily and inadvertently
misinterpreted and misused. This series will provide information about these
attributes, including both their limitations and their valid usages with respect
to the administration of Active Directory.
Active Directory is the primary authentication service used
by the vast majority of organizations, including more than 95% of Fortune 500
companies. Consequently…
