Diversion Tactics: Using Vulnerable Windows Servers to Fool Hackers

Windows Servers are practically irresistible to hackers everywhere. This makes the lone Windows Server a perfect candidate for a honeypot. In this post we explore how to use a Windows Server to divert a hacker’s attention from what matters by giving them what they think is an easy win!

Beyond Vulnerability Scans: Mitigating and Monitoring for Malware Leveraging C2 Systems

Many modern forms of malware are now file-less and rely on Command & Control (C2) infrastructure to assist outsiders with gaining unauthorized access to networks. This malware “phones home” to remote attackers, who then leverage the internal foothold to infiltrate networks and execute attacks. These attacks can be difficult to detect when security monitoring is[…]
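The “phone home” behaviour described above leaves a signature that file-based scanning never sees: a host contacting the same destination at a steady interval. The following Python script is an added example, not code from the post, that flags such beaconing over constructed proxy log lines; the single-line log format (timestamp, client, destination, bytes), the 4-connection minimum and the 20% interval-jitter threshold are all assumptions chosen for illustration.

```python
"""Beacon detection over proxy logs: flag (client, destination) pairs whose
connection intervals are suspiciously regular."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not from a real environment). Assumed format:
# "<ISO timestamp> <client-ip> <destination-host> <bytes-sent>"
SAMPLE_LOG = """\
2017-11-01T09:00:00 10.0.0.15 updates.example.com 1204
2017-11-01T09:00:05 10.0.0.15 cdn.example.net 83211
2017-11-01T09:01:00 10.0.0.15 updates.example.com 1198
2017-11-01T09:02:00 10.0.0.15 updates.example.com 1210
2017-11-01T09:02:41 10.0.0.15 mail.example.org 4590
2017-11-01T09:03:00 10.0.0.15 updates.example.com 1201
2017-11-01T09:04:00 10.0.0.15 updates.example.com 1205
2017-11-01T09:05:00 10.0.0.15 updates.example.com 1199
2017-11-01T09:07:13 10.0.0.15 cdn.example.net 50233
2017-11-01T09:15:02 10.0.0.15 mail.example.org 4611
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, size = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return events


def find_beacons(events, min_count=4, max_cv=0.2):
    """Return pairs whose inter-connection gaps have a coefficient of
    variation (stdev / mean) at or below max_cv. A malware beacon on a fixed
    timer gives a CV near 0; human browsing gives a CV well above 1.
    Thresholds are illustrative assumptions and need tuning per environment."""
    by_pair = defaultdict(list)
    for ts, src, dst, size in events:
        by_pair[(src, dst)].append((ts, size))

    findings = []
    for (src, dst), hits in by_pair.items():
        if len(hits) < min_count:          # too few samples to judge regularity
            continue
        hits.sort()
        times = [h[0] for h in hits]
        sizes = [h[1] for h in hits]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:                    # all hits in the same second
            continue
        cv = pstdev(gaps) / avg_gap
        if cv <= max_cv:
            findings.append({
                "client": src,
                "destination": dst,
                "count": len(hits),
                "interval_seconds": avg_gap,
                "interval_cv": cv,
                # Near-constant request sizes are a second beacon indicator.
                "size_cv": pstdev(sizes) / mean(sizes),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{f['client']} -> {f['destination']}: {f['count']} hits, "
              f"every {f['interval_seconds']:.0f}s (cv={f['interval_cv']:.2f})")
```

On the sample data only `updates.example.com` is flagged (six hits exactly 60 seconds apart); the CDN and mail traffic never reaches the minimum count. Treat a hit as a triage lead rather than a verdict: legitimate update agents and monitoring tools beacon too, and real C2 frameworks add jitter, so the interval threshold and the minimum count need tuning against your own baseline.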

Securing Enterprise Networks with Port-Based Network Access Control

One of the biggest threats facing enterprises is outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals, where heavy use of computer systems is mixed with untrusted outsiders roaming the halls. Shutting down unused ports is the traditional mitigation. Still[…]

Takeaways from SANS SEC560 – Ethical Hacking and Pen Testing

This past week I completed the SANS SEC560 – Network Penetration Testing and Ethical Hacking course at the SANS Cyber Defense Initiative in Washington DC. With the experience fresh on my mind, I wanted to share my impressions with others considering SANS training. A Quick Overview of the SANS 560 Class Experience Curriculum Overview SANS[…]

The WPA2 KRACK Vulnerability and Potential Mitigation Steps

This week, Belgian security researcher Mathy Vanhoef released a research paper documenting his discovery of a serious weakness in the WPA2 wireless protocol, which is used to secure all modern protected Wi-Fi networks. The exploit uses a technique called a Key Reinstallation Attack (or KRACK for short), which exploits a weakness in the way that[…]

Privileged Access Workstations (PAW): A Mitigation Strategy for Pass-the-Hash, Phishing, Credential Theft Attacks and more

The Windows IT Administrator tends to be the most high-risk user in the organization. IT Administrators have the potential to perform everyday user tasks with domain admin level accounts; they are most likely to have the ability to use external media in their PCs freely; and, even in the case where the admin user is thoughtfully[…]