The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) leading the charge. This means consumers around the globe are gaining rights regarding how their data is collected, stored, processed and sold, as well as more ways to hold companies accountable when poor data security practices lead to data breaches involving personally identifiable information (PII).

The Windows registry is a database that contains important information about your computer — users, preferences, applications, attached devices and much more. The Windows operating system constantly refers to the registry; for example, to open a program, install new software or change your hardware, Windows must check the values of certain registry keys.

Local WMI querying is straightforward to implement and troubleshoot — but remote WMI querying is another story. Indeed, setting up secure remote WMI querying for a user with no admin rights is a daunting task. This blog can help. I’ll walk you through the steps I used to enable a standard domain user to query the Microsoft SQL Server WMI namespace class on a Windows Server 2012 R2 running Microsoft SQL Server 2016.

Mimikatz is a popular post-exploitation tool that hackers use for lateral movement and privilege escalation. While Mimikatz is quite powerful, it does have some important limitations: As a result, other toolkits have been created to complement Mimikatz. This article explains how three of them — Empire, DeathStar and CrackMapExec — make attacks easier for adversaries.

Imagine being named XYZ in a crowd of other XYZs – a purposeless name that creates confusion and does not communicate a purpose, adding to the cognitive pile of everyone’s day-to-day tasks. Similarly, Active Directory groups created by users need to have logical names so that current and future users do not find themselves stuck in a pickle.

IT risk assessments are vital for cybersecurity and information security risk management in every organization today. By identifying threats to your IT systems, data and other resources and understanding their potential business impacts, you can prioritize your mitigation efforts to avoid costly business disruptions, data breaches, compliance penalties and other damage.

Even if you have implemented a Zero Trust security paradigm for network and infrastructure security, you need to plan for the inevitable — at some point, an attacker will get into your network with the intent to deploy ransomware or cause other damage A typical attack goes something like this: There is a misconception that lateral movement threats are limited to on-prem networks.

There is an old saying: “One person’s tool is another person’s weapon.” That is certainly true of Windows PowerShell. Included with every Windows operating system today, this powerful command-line shell and scripting language is used by IT professionals for system administration, remote management, cybersecurity, software development and more.

Deception technology is a cybersecurity strategy that utilizes decoys to gather information about current threats and attack methodologies used by cybercriminals. The premise of this approach is to offer some sort of bait in your network, such as a fake database that looks like a legitimate one, that attackers will find too enticing to pass up.

Sysmon is a component of Microsoft’s Sysinternals Suite, a comprehensive set of tools for monitoring, managing and troubleshooting Windows operating systems. Version 13 of Sysmon introduced monitoring for two advanced malware tactics: process hollowing and herpaderping. This article explains what these tactics are, why they are so dangerous and how you can now detect them using Sysmon.