The cybersecurity threat landscape is quickly changing. Administrators have become more cautious when it comes to security and governing access, end users have become tech-savvy and security-aware, and attackers have also raised their game. Living-off-the-land attacks, or LOTL, is one clear trend today, with attackers exploiting preinstalled features and default tools built into system.
Windows Server 2019 ships and installs with an existing level of hardening that is significantly more secure compared to previous Windows Server operating systems. Gone are the bloat of Xbox integration and services and the need for third-party security solutions to fill security gaps. Operating System (OS) hardening provides additional layers of security and preventative measures against both unauthorized changes and access.
In our last release of the PowerShell security series, we talked about how PowerShell could be leveraged by malicious actors to gain unprecedented access to your organization’s critical assets. From enumerating sensitive domain information and carrying out credential-based attacks to running malicious executables in memory (file-less malware), we shined a light on the potential of PowerShell and why it’s an ideal weapon for cyber attackers today.
Tools and features introduced with the intention of benefiting and empowering an organization can sometimes end up being misused. PowerShell is a classic example.
Support for Microsoft's 10-year-old operating system, Windows 7, will officially end in six months, yet research shows 18% of larger enterprises still have not migrated to Windows 10. At the beginning of the year, researchers found that 43% of organizations were still running Windows 7, 17% of which had no clue when the official end of life date was for the operating system.
When analyzing malware and adversary activity in Windows environments, DLL injection techniques are commonly used, and there are plenty of resources on how to detect these activities. When it comes to Linux, this is less commonly seen in the wild. I recently came across a great blog from TrustedSec that describes a few techniques and tools that can be used to do library injection in Linux.
EventSentry v3.5 continues to increase visibility into networks with additional vantage points, making it easier for EventSentry users to reduce their attack surface as well as discover anomalies.
