Windows Servers are practically irresistible to hackers everywhere. This makes the lone Windows Server a perfect candidate for a honeypot. In this post we explore how to use a Windows Server to divert a hacker’s attention from what matters than by giving them what they think is an easy win!
Join risk3sixty on Thursday, May 9th from 11:15am to 1pm, where we will be co-hosting a NW Atlanta AWS Meetup with Afonza. AWS principle solution architect, Craig Lawson will be speaking about IoT within AWS.
Many modern forms of malware are now file-less and rely on Command & Control (C2) infrastructure to assist outsiders with gaining unauthorized access to networks. This malware “phones home” to remote attackers, who then leverage the internal foothold to infiltrate networks and execute attacks. These attacks can be difficult to detect when security monitoring is[…]
One of the biggest threats facing enterprises are outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls. Shutting down unused ports is the traditional mitigation. Still[…]
In March, 2019, risk3sixty will be hosting SANS MGT414 training program for CISSP Certification.
This course is an accelerated review course that is specifically designed to prepare students to successfully pass the CISSP® exam.
Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.
Bottom Line Up Front Security Researchers have publicly disclosed the details of CPU design flaws that are the result of design decisions made industry wide more than a decade ago to speed up processing and allow a computer’s processor to access information before it was needed. The resultant vulnerabilities, Meltdown and Spectre both exist outside[…]
This past week I completed the SANS SEC560 – Network Penetration Testing and Ethical Hacking course at the SANS Cyber Defense Initiative in Washington DC. With the experience fresh on my mind, I wanted to share my impressions with others considering SANS training. A Quick Overview of the SANS 560 Class Experience Curriculum Overview SANS[…]
This week, Belgian security researcher Mathy Vanhoef released a research paper documenting his discovery of a serious weakness in the WPA2 wireless protocol, which is used to secure all modern protected Wi-Fi networks. The exploit uses a technique called a Key Reinstallation Attack (or KRACK for short), which exploits a weakness in the way that[…]
The Windows IT Administrator tends to be the most high-risk user in the organization. IT Administrators have the potential to perform everyday user tasks with domain admin level accounts; they are most likely to have the ability to use external media in their PCs freely; and, even in the case where the admin user is thoughtfully[…]