Commando VM is a testing platform that Mandiant FireEye created for penetration testers who are more comfortable with the Windows operating system. Windows Commando VM is essentially the sister to Kali Linux, a Linux testing and malware analysis platform widely used by the penetration testing community. These security testing platforms are packaged with all the common solutions and scripts that a pentester would need for offensive testing.
Multi-factor authentication (MFA) is a great way to increase both on-premises and cloud security. With MFA in place, when a user logs on, they are required to provide not only their user ID and password but another authentication factor, such as a code sent to their phone. This process reduces the attack surface by preventing adversaries with stolen user credentials from logging on. However, MFA is not a cybersecurity panacea.
Changes to your IT devices, systems and servers are inevitable — but they can introduce critical security weaknesses. A file integrity monitoring (FIM) solution will track changes to your system and configuration files so you can promptly verify patch rollouts and investigate and mitigate unauthorized modifications — helping your business maintain a strong security posture and ensure ongoing regulatory compliance.
Database roles are similar to Windows groups — rather than revoking or granting access to each user separately, administrators manage access by granting or revoking permissions from roles and by changing role membership. Using roles makes it easier to accurately grant and revoke privileges for database users. And since multiple users can be members of a SQL database role, you can easily manage rights for a whole group of users at once.
Internal reconnaissance is one of the first steps an attacker will take once they have compromised a user or computer account in your network. Using various tools or scripts, they enumerate and collect information that will help them identify what assets they should try to compromise next to get what they want. For example, BloodHound will map out attack paths that can enable an adversary to escalate their privileges from ordinary user to admin.
Network File System (NFS) is an open standard for distributing a file system across a network for multi-client access. Designed in 1984, NFS has grown to include many authentication methods at both the share (export) and file system levels, including client IP/hostname, auth_sys (Unix auth), Kerberos and NFSv4.x ACLs. This blog post explains how to mount an NFS share on a Windows client.
Back in 2018, GitHub celebrated 100 million open source repositories, and it has only been growing since then. How can you make sure your sensitive credentials and authentication tokens aren’t exposed to access by the public? Read this blogpost to learn how to save your API keys and other important data from being disclosed.
Understanding Active Directory (AD) permissions is vital for cybersecurity, compliance and business continuity. In this blog, we’ll be going over, at a high level, how Active Directory permission are applied in a domain and how to view them natively. The most common way to apply Active Directory permissions is through the tool Active Directory Users and Computers (ADUC). There are two ways in ADUC to apply permissions: This blog post will cover both of these options.
Since 2014, the National Institute of Standards and Technology (NIST), a U.S. federal agency, has issued guidelines for managing digital identities via Special Publication 800-63B. The latest revision (rev. 3) was released in 2017, and has been updated as recently as 2019. Revision 4 was made available for comment and review; however, revision 3 is still the standard as of the time of this blog post.
This post walks you through the steps of setting up a point-to-site VPN connection from a Windows server running Netwrix StealthAUDIT, so you can discover and monitor all your Azure SQL databases.
Active Directory user objects possess a number of logon metadata attributes that are valuable for Active Directory audit reporting and administration. For example, they are commonly used to identify user accounts that have been inactive for a significant period, or as “stale” accounts. However, each logon metadata attribute has some unique behaviors that need to be understood.
One critical way that attackers gain access to an IT environment and escalate their privileges is by stealing user password hashes and cracking them offline. We covered a method for harvesting service account passwords in our post on Kerberoasting. Here we will explore a technique that works against certain user accounts, AS-REP Roasting. We’ll cover how adversaries perform AS-REP Roasting using the Rubeus tool and how you can defend your organization against these attacks.
Note: The examples in this post use apt commands, which are for Debian-based operating systems like Ubuntu, Kali and Mint. However, the examples have also been tested with yum/dnf commands for RPM-based distros like CentOS, Red Hat, Fedora and openSUSE.
