Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2022

Firewall Log Management and SIEMs

Firewalls are the first line of defense in any network. Firewalls can be software or appliances, and organizations can configure them up to allow or disallow some or all IP traffic, or to verify specific traffic types based on rules that use deep packet inspection. For maximum effectiveness, it’s critical to monitor the operation of your firewalls to spot threats and misconfiguration.

What is Database Hardening and Why Is It Critical?

Hardening the various systems across your network helps you improve your cybersecurity posture level and block attacks. Hardening includes regular patching of known software vulnerabilities and turning off nonessential services on each system to reduce the number of processes that can be exploited. Hardening your database servers is a vital part of this information security strategy.

Event Log Monitoring and Log Audit Software Basics

Event logs can help you spot and troubleshoot security events so you can protect your systems and data. However, log records can be hard to read, and logs so noisy that you often have to sift through pages of events to identify critical events and potential threats. Read on to learn more about audit logs, log analysis and log auditing software.

How NTFS Alternate Data Streams Introduce Security Vulnerability

You may not be familiar with NTFS file streams, but you use them every day when you access files on any modern Windows system. This blog post explains this feature of NTFS ADS, shows how hackers can exploit file stream functionality in cyberattacks, and offers strategies for defending your organization.

Using LDAP Ping to Enumerate Active Directory Users

LDAP Nom Nom is a recently discovered brute-force technique for enumerating valid usernames in Active Directory — anonymously and without leaving any log entries behind. It abuses LDAP Ping, a little-known mechanism in Active Directory normally used by computers to check whether a domain controller is alive. This blog post explains how LDAP Ping works and how adversaries can abuse it with LDAP Nom Nom.

Finding Abusable Active Directory Permissions with BloodHound

BloodHound is a powerful tool that identifies vulnerabilities in Active Directory (AD). Cybercriminals abuse this tool to visualize chains of abusable Active Directory permissions that can enable them to gain elevated rights, including membership in the powerful Domain Admin group. This guide is designed to help penetration testers use BloodHound to identify these vulnerabilities first, so enterprises can thwart attacks.

Locating Service Accounts to Facilitate Management and Cleanup

This post explains how to collect detailed lists of your Active Directory service accounts so you can implement proper governance to reduce your attack surface area. Specifically, it details how to enumerate service accounts used by the following: This will enable you to identify a significant portion of your service accounts. However, note that service accounts can also be used in virtual directories, authentication settings, etc.

The Modern Data Repository: Understanding Your Options

Today, organizations have a variety of options for storing the data they generate, collect and use. Options for data repositories include: Choosing the best option for a given business situation depends on a variety of factors, including the needs of your user base, the skills of your DBAs and other database resources, the reporting and analysis requirements for business decisions, and whether you are storing structured or unstructured data.

Finding Abusable Active Directory Permissions with BloodHound

BloodHound is a powerful tool that identifies vulnerabilities in Active Directory (AD). Cybercriminals abuse this tool to visualize chains of abusable Active Directory permissions that can enable them to gain elevated rights, including membership in the powerful Domain Admin group. This guide is designed to help penetration testers use BloodHound to identify these vulnerabilities first, so enterprises can thwart attacks.

PUBLIC Role in Oracle

Roles make it easier to grant and revoke privileges for users of a relational database. Rather than managing privileges for each user individually, you manage privileges for each role and all changes apply to all users who are assigned that role. Organizations often create multiple roles to suit their unique needs. However, most databases come with a pre-defined role called PUBLIC. In this blog, we explain what the PUBLIC role means in Oracle and key best practices for using it.

Unconstrained Delegation

Unconstrained delegation represents a serious cybersecurity risk. By taking steps to abuse the Active Directory delegation controls applied to user and computer objects in an AD environment, an attacker can move laterally and even gain control of the domain. This blog post explores this area of attack (unconstrained delegation) and offers security teams and administrators effective strategies for mitigating this security risk.