Determined human adversaries, or DHA for short, have changed the information security game for everyone. Many customers take actions in attempt to evict an emplaced attacker – actions that result in alerting the attacker to the organization’s knowledge of their presence, but don’t truly evict the attacker from the network. In this blog, we will … Continue reading “But I Reset the Password” – Remediating an Enterprise After a Targeted Attack
WannaCrypt has been all over the news lately, discussing its impact and repeating details from cybersecurity analysts. In this post, we look at ransomware and its origins to gain a better understanding of WannaCrypt.
Recently, social media and news sources have been thoroughly covering a vulnerability in Intel's various management technologies. Although there is definitely reason to be concerned, there appears to be a bit of misinformation about the vulnerability, likely either due to sensationalism or lack of research. As such, I felt it beneficial to provide a view … Continue reading Understanding the Vulnerability in Intel’s Management Technology
Pass the hash is one of most prevalent techniques used in targeted attacks today, due to its ease of use and effectiveness. Despite this prevalence, many organizations do misunderstand how the attack works and remain vulnerable. In this post, I will describe how a pass the hash attack works and provide some effective ways to … Continue reading Understanding and Preventing Pass the Hash Attacks
In this post, I will cover two ways to protect your enterprise from portable apps and commodity malware using free technologies. These simple efforts can significantly improve the security of your enterprise, reduce support costs that stem from malware infection, and improve user experience.
Antivirus, when used properly, can provide great protection for an organization if used effectively. Although antivirus may appear to be a set-it-and-forget-it software, diligence in managing antivirus can pay off. Understanding Signatures As you probably know, antivirus software works off of signatures of known malicious files. These signatures are distributed periodically to all antivirus clients, … Continue reading Understanding Antivirus – Signatures, Scans, and Schedules
One of the difficulties involved with malware analysis is determining exactly how concerned you should be when you find a new sample on your network. Categorizing malware does not require high cost tools and access to subscription-only databases (although these can help). The following is a list of ways to help determine how concerned you should … Continue reading Am I Pwned? – 5 simple ways to help determine if you should be concerned about malware you discover on your network
I am back to work again after taking some time to relax this holiday season. I look forward to resuming analysis of recent cyber trends and sharing my opinion and analysis with my readers this year. In addition, I have just started on my first book, which I hope to complete by June of this … Continue reading Beginning my first book
In November 2014, Microsoft issued a critical patch addressing a Kerberos issue on domain controllers. This vulnerability enables an attacker to leverage any authenticated session to create a Kerberos ticket which can have any group membership in the Active Directory domain, to include membership in domain admins, schema admins, enterprise admins, or BUILTIN\Administrators. In addition, a … Continue reading Understanding MS14-068
The Cold War was a unique period in history; a period of high political tension lasting for almost 45 years whereby the world was divided into distinct categories of extremely capable countries. The term “Cold War” was coined by George Orwell in an article entitled “You and the Atomic Bomb” published in the Tribune on … Continue reading Cyber Warfare and the New Cold War