Category: Insider Threat Security Blog

Where do My Files Sent Using Teams Chat Go?

Do you know what happens when you share a file via a Microsoft Team’s – Team Chat? That file is not just saved in the Teams chat…

Server (Un)Trust Account

Active Directory persistence through userAccountControl manipulation. I’ve been doing some research on group Managed Service Accounts (gMSAs) recently and reading the MS-SAMR protocol specification for some information. I happened to stumble across some…

What is Privacy by Design?

In this era of big data, it is in an organization’s best interest to seek to safeguard their critical data assets, especially sensitive data, to the best of their ability. However,…

Public Role in SQL Server

Roles in relational databases make it easier to grant and revoke privileges from multiple users at once. Multiple users can be grouped into one or more roles in a database. Rather…

Easily Prevent More Breaches by Simply Preventing Bad Passwords

A recent cyber-attack on the Canadian government was successful because of a well-known attack technique, credential stuffing. If you’re not familiar, credential stuffing is just taking credentials…

NTFS File Streams – What Are They?

NTFS file streams, also known as alternate data streams (ADS), are part of every file, as well as directories (folders), in a Windows NTFS volume. NTFS files and folders…

Using PowerShell Cmdlets with StealthINTERCEPT 7.1

StealthINTERCEPT 7.1 ships with a library of cmdlets for PowerShell (PS) which allows PS scripts to perform a majority of the configuration and control tasks normally carried out by the…

What is an Access Link in SharePoint Online?

This is what it looks like to create an access link. In this blog I will explain which settings affect what options are available on these link creation pages. SharePoint is all…

NIST Password Guidelines in 2020

What are NIST Password Guidelines? Since 2014, the National Institute of Standards and Technology (NIST, a U.S. federal agency) has issued requirements and controls for digital identities, including authentication, passwords (known…

Lateral Movement to the Cloud with Pass-the-PRT

There are several well-documented ways attackers and malware can spread laterally across Windows servers and desktops. Approaches like pass-the-ticket, pass-the-hash, overpass-the-hash, and Golden Tickets continue to be effective lateral…

Securing gMSA Passwords

Abusing gMSA Passwords to Gain Elevated Access. gMSA Recap: If you’re not familiar with Group Managed Service Accounts (gMSA), you can review my last post which gave a high-level overview of how they…

Data Security vs Data Privacy

Data is quite possibly the most critical asset within any organization and is at the heart of most, if not all, cyberattacks. Organizations struggle to implement the appropriate processes to ensure…

Public Roles in Oracle

Roles in relational databases make it easier to grant and revoke privileges from multiple users at once. Multiple users can be grouped into one or more roles in a database. Rather than…

What Is Kerberos?

What is it? Kerberos is an authentication protocol enabling systems and users to prove their identity through a trusted third-party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT,…

Back to “The Basics” Blog Series

Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya”. Part 1 – Ransomware: The origins of modern ransomware trace back all…

A History of Passwords

The following blog post was created using an excerpt from the Stealthbits Technologies/emt Distribution presentation “Prioritizing Password Security with Troy Hunt: The Good, the Bad, and the Ineffective”. Please see here to…

What is Data Lifecycle Management?

Data Lifecycle Management (DLM) can be defined as the different stages that the data traverses throughout its life from the time of inception to destruction. Data lifecycle stages encompass creation, utilization, sharing, storage, and deletion. Each stage of…

What is the SigRed vulnerability in Windows DNS Server?

What is it? SigRed, CVE-2020-1350, is a remote code execution vulnerability in the Microsoft Windows DNS server that was publicly disclosed on July 14, 2020, by Israeli…

What are Group Managed Service Accounts (gMSA)?

High Level Overview of GMSAs. Group Managed Service Accounts Overview: Group Managed Service Accounts (gMSA) were introduced in Windows Server 2016 and can be leveraged on Windows Server 2012…

The Importance of Updating Your Breach Password Dictionary

With breaches and cyber-attacks continually increasing every year, a constant stream of compromised passwords finds their way to the dark web for purchase and use. This should NOT…

What is Sensitive Data?

Sensitive data is a term that we hear quite often these days, especially as it relates to the plethora of data privacy laws that have been introduced over the past several years.…

Windows Remote WMI Security Primer for the Faint-Hearted

StealthAUDIT, a best-in-class Data Access Governance (DAG) tool, utilizes Windows Management Instrumentation (WMI) extensively to gather various pieces of information from the targeted Windows servers. …

Auditing Administrator Access Rights

Identifying Administrative Privileges Across IT Resources. Accounts with administrative and elevated privileges are necessary for both business and IT functions, but also represent a significant risk to your organization. Privileged credentials in…

Improving the Accuracy of Detecting Deleted Resources

In the File Systems Data Collector for StealthAUDIT, we collect various types of information about files and folders including permissions, file size, activity data, sensitive data, etc. One of…

An Amazon Macie Alternative

If you’re storing data in Amazon S3 (Simple Storage Service) buckets, it’s highly likely you’ve taken a look at Amazon Macie. If you’re new to the AWS ecosystem, Macie is a tool…

Bypassing MFA with Pass-the-Cookie

Multi-factor Authentication (MFA) is a great way to increase security on web applications, remote desktop sessions, VPN, and virtually anywhere a user can log into. By introducing one or more additional factors into the authentication process you can prove somebody actually…

What is a Data Breach and How to Prevent One

Data breach. There are fewer times that two simple words invoke so many fearful thoughts in the mind of a C-level executive. How did it happen? What was taken? What are we going to do? Who was responsible? There are…

Sensitive Data Discovery for Compliance

The industrial revolution began in the late 18th century and revolutionized the manufacturing process; in a similar manner, the digital revolution happening now is fundamentally changing the way that organizations conduct business. The Digital revolution is all about the digital…

What are Browser Cookies and How do They Work?

If you have ever surfed the web, you have almost certainly encountered browser cookies among your digital travels. Although for some they may be a nuisance, for the majority browser cookies are an essential part of the internet experience, often…

How to Set Up a VPN Tunnel to Microsoft Azure

Microsoft Azure offers different variations of the SQL databases that can be deployed based on the workload and complexity requirements as follows: Azure SQL Databases – This is a fully managed SQL database engine created using the latest version of…

SMBv3 Vulnerability Explained

SMBGhost: What Happened? This week, Microsoft accidentally published information around a newly identified vulnerability in SMBv3, which is being dubbed SMBGhost. This vulnerability can lead to remote code execution on the server, which is always a major concern as far…

Microsoft LDAP Channel Binding and Signing Patch

Discovery Solution for Microsoft’s March 2020 Update. Lightweight Directory Access Protocol (LDAP) – How did we get here? 20 years ago, I embarked on the fantastical journey that was migrating from NT4 to Active Directory. This is also when I…

Best Practices for Storage Reclamation – Part 1 of 3

Data Access Governance (DAG) has many different types of use cases, with most falling into three main categories: data security, regulatory compliance, and operational efficiency.  There has been a lot written about security due to the increasing frequency of ransomware…

What is SMBv1 and Why You Should Disable it

Eternally Affected. What is SMB? Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and…
