Category: All Posts

  • Understanding and Preventing Pass the Hash Attacks


    Pass the hash is one of the most prevalent techniques used in targeted attacks today, due to its ease of use and effectiveness. Despite this prevalence, many organizations misunderstand how the attack works and remain vulnerable. In this post, I will describe how a pass the hash attack works and provide some effective ways to prevent it, and to limit its effectiveness, in your enterprise.

  • Patching and Vulnerability – The Plague of Portable Apps

    Software patching has long been considered a core capability within an enterprise, though the focus of software patching is almost always limited to software provided by the enterprise.  Unfortunately, many enterprises today struggle with reducing user rights due to application compatibility issues or support costs.  In addition, many users have discovered that they are able to download applications which do not require administrative permissions to install (such as portable apps).  These applications usually remain unpatched and vulnerable to exploitation.

    In this post, I will cover two ways to protect your enterprise from portable apps and commodity malware using free technologies. These simple efforts can significantly improve the security of your enterprise, reduce the support costs that stem from malware infections, and improve the user experience.

  • Understanding Antivirus – Signatures, Scans, and Schedules


    Antivirus, when used properly, can provide strong protection for an organization. Although antivirus may appear to be set-it-and-forget-it software, diligence in managing it can pay off.

  • Am I Pwned? – 5 simple ways to help determine if you should be concerned about malware you discover on your network

    One of the difficulties involved with malware analysis is determining exactly how concerned you should be when you find a new sample on your network. Categorizing malware does not require high-cost tools or access to subscription-only databases (although these can help). The following is a list of ways to help determine how concerned you should be when your team discovers a new sample.

  • Beginning my first book

    I am back to work again after taking some time to relax this holiday season. I look forward to resuming analysis of recent cyber trends and sharing my opinion and analysis with my readers this year. In addition, I have just started on my first book, which I hope to complete by June of this year. This book is designed to help those interested in information security and targeted attacks understand the intricacies of remediating a targeted attack. I plan to keep my readers updated on its status as it develops. In addition, if there are any publishers interested in signing up a new author, please feel free to contact me.

  • Understanding MS14-068

    In November 2014, Microsoft issued a critical patch addressing a Kerberos issue on domain controllers. This vulnerability enables an attacker to leverage any authenticated session to create a Kerberos ticket that can carry any group membership in the Active Directory domain, including membership in Domain Admins, Schema Admins, Enterprise Admins, or BUILTIN\Administrators. In addition, a toolkit designed to exploit this vulnerability has been published online since the beginning of December.

  • Cyber Warfare and the New Cold War

    The Cold War was a unique period in history: a period of high political tension lasting almost 45 years, during which the world was divided into distinct blocs of extremely capable countries. The term “Cold War” was coined by George Orwell in an article entitled “You and the Atomic Bomb”, published in the Tribune on October 19, 1945. In addition to creating the term “Cold War”, Orwell made some very keen observations:

    • The atomic bomb is an extremely destructive force that is misunderstood by the masses, yet carries a significant possibility of affecting their lives
    • The atomic bomb was seen as a new revolution in war and was likened to the discovery of gunpowder
    • Only a few superpowers had this weapon at their fingertips, creating an imbalance in battlefield equality
    • The atomic bomb has caused nations that were once thought to be unconquerable to enter a permanent state of ‘cold war’ with their neighbors, thus prolonging indefinitely a ‘peace that is no peace’

  • Recovering Active Directory after Targeted Attack Compromise

    Over the past few years, I have had the opportunity to assist various organizations in detecting and removing attackers from large enterprises. Throughout these efforts, I have noticed that remediating such a compromise is a difficult and technically challenging task. As a result, I decided to take this on as a challenge and develop a generalized framework for recovering Active Directory after compromise by a targeted attack as the final project for my master’s degree.