Going remote is the new reality as we continue to grapple with a devastating global pandemic. The transition to remote learning in our nation’s schools, in particular, has created a new level of upheaval and burden that’s impacted most every home and community. Luckily, most of Stealthbits’ existing corporate customers switched to digital work rather seamlessly after testing and reinforcing the security of their networks and IT infrastructure. Educational institutions, on the other hand, were…
Kerberos Delegation and Usage
Kerberos delegation has been around for a long time (Windows Server 2000 to be exact), but more often than not, when speaking to engineers who manage or work with Active Directory, they’re not familiar with all the various implementations of Kerberos delegation, their uses, and some ways they can be abused. What I find funny is that most people confuse Kerberos delegation with delegated permissions.
The practical usage of Kerberos delegation is to enable a…
It’s that time of the year again! As we roll into 2020 we’re proud to present our 4th edition of “STEALTHbits’ Experts Cybersecurity Predictions.”
We asked eight of our top industry voices here at STEALTHbits their thoughts on what’s to come in the world of cybersecurity in the next 365 days! Read on and come back at the start of 2021 to see how we did.
Ransomware Will Continue To Wreak Havoc Using the Same Old Tricks
Ransomware attacks will continue to impact organizations causing s…
Allowing legacy authentication to your SharePoint online tenant unnecessarily exposes it to a number of attacks and exploits that you can easily avoid by simply disabling legacy authentication to your tenant. Microsoft has made it clear that all roads lead to the cloud, and with that Azure Active Directory has become an even more critical piece as the identity provider to O365. Microsoft has introduced a number of security-focused features into its cloud platform over the last couple of years…
Phishing scams are a very common technique used by identity thieves to trick you into giving them your sensitive personal or financial information. Thieves will often impersonate actual companies like credit card companies, banks or online resources such as PayPal or Dropbox. It is a challenge to recognize what is real and what isn’t but there are a few things you can do to make yourself/your organization less susceptible to this type of scam.
Traditional Approach
Before we discuss a no…
As more and more attacks occur each year, with a record 4.1 billion records breached in just the first half of 2019 according to Forbes, data security regulation is becoming more of a priority. Just as we suspected with the signing of the GDPR regulation in the EU, similar regulation has sprung up in the U.S. with the CCPA on the west coast in California and most recently spreading to the east coast in New York with the signing of the ‘Stop Hacks and Improve Electronic Data Security’ o…
Azure Information Protection (AIP) is Microsoft’s solution to classify, label, and protect sensitive documents. The AIP scanner runs as a Windows service and can be used to protect on-premise documents within the following data stores:
Local Folders where the scanner service is configured
Network shares that use the SMB protocol
Document Libraries and Folders for SharePoint 2013-SharePoint 2019
Figure 1: AIP Scanner Architecture
By default, the AIP scanner client uses Windows IFilters …
Now that you have been using StealthAUDIT for SQL for a while, you might be wondering how to squeeze more value out of the product by enhancing the information it is collecting and reporting on.
StealthAUDIT for SQL relies on native SQL server auditing capabilities to collect and report on user activity, as well as successful or unsuccessful server or database logon activity. As a result, you will need to adjust some additional configuration options within SQL to ensure you ca…
Privileged access will always appeal to cyber attackers because of the access rights associated with these accounts. Despite significant investments in Privileged Access Management (PAM) technologies, privileged accounts are still massively overexposed. Traditional PAM providers have focused on controlling access to accounts and their passwords, not on the activities that need to be performed.
Go Vault-less
Ephemeral (temporary) Account Support = No Standing Privileges
Many PAM vendo…
High-Level Overview of Azure AD
If you’re reading the Insider Threat Security Blog, I’m sure you’re familiar with Active Directory. We’ve covered many topics with on-premise Active Directory: from clean-up to advanced attacks and threat detection. But what about Azure Active Directory? Has your organization started to march into the cloud and begun the migration process? Perhaps you’re just looking to wrap your head around what Microsoft has to offer. STEALTHbits is here to help.
Azure …
This blog post is part of a series about Active Directory attributes with values or behaviors that can be easily and inadvertently misinterpreted and misused. This series will provide information about these attributes, including both their limitations and their valid usages with respect to the administration of Active Directory.
Active Directory is the primary authentication service used by the vast majority of organizations, including more than 95% of Fortune 500 companies. Consequently…