Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Windows

Windows Zero-Day Threat: Protect Your NTLM Credentials

A newly discovered zero-day vulnerability in Windows potentially exposes users across multiple Windows versions to credential theft. Discovered by 0patch researchers, this critical security flaw allows attackers to steal NTLM credentials through a deceptively simple method. The vulnerability affects a wide range of Windows systems, including: Technical details of the vulnerability are withheld to minimize exploitation risk until Microsoft issues a fix to minimize any further risk of exploitation.

How to Install BDRSuite Offsite DR Server on Windows

Welcome to the BDRSuite How-To Series! In this video, we'll guide you through the process of installing the BDRSuite Offsite DR Server on a Windows machine. Whether you're setting up for the first time or reinstalling, this tutorial covers everything you need to get BDRSuite Offsite DR Server up and running smoothly on your Windows system.

Disable Secure Boot in Windows: A Step-by-Step Guide

Usually, the secure boot option is turned on by default with your Windows server PC, but there are some cases when it is already disabled. To confirm and to disable secure boot you need to open device settings from Windows Security Center and see that if the option exists. If you see this Secure Boot option there, it means that secure boot is enabled on your device otherwise disabled. Now we will talk about a step by step guide on how to disable secure boot: 2.

Delete Registry Keys Using PowerShell

In Windows system administration, one of the more advanced yet important tasks that can be accomplished using PowerShell is deleting registry keys and values. This operation requires careful handling to avoid unintended consequences. Registry keys and values in Windows are critical components that store configuration settings for the operating system and installed applications. Modifying the registry can lead to system instability or even failure if not done correctly.

Navigating User Account Management for Enhanced Windows Security

Your network is comprised of devices and users, and both require proper management. For a user to access a device and its hosted assets, that user requires a user account that has access to the computer. The allocation and management of these accounts are important for multiple reasons including security, personalization and accountability.

Understanding NTLMv1, NTLMv2 and NTLMv2 Session Security Settings

NTLM has three versions - NTLMv1, NTLMv2 and NTLMv2 Session Security. NTLMv2 is supposed to offer better security than its previous version, and to some extent it does provides better defense against relay and brute force attacks, but does not completely block them. NTLMv2 Session Security is a session security protocol that can be used in conjunction with NTLMv1 or NTLMv2 to provide additional security.

Why the Sysdig Windows agent matters in the cloud

The Sysdig Windows agent is a game-changer for cloud infrastructure, particularly when it comes to securing Windows containers in Kubernetes environments. While many endpoint protection agents are designed to provide security for traditional Windows hosts, Sysdig goes a step further by incorporating Kubernetes-specific context into its system introspection.

Disable Data Execution Prevention

Data Execution Prevention (DEP) is a Windows security feature that protects systems by preventing code from executing in memory areas designated for data storage. By ensuring only authorized programs can run in specific memory regions, DEP helps block malicious software, such as viruses, from executing harmful code. It operates at both hardware and software levels, monitoring memory usage to prevent exploits like buffer overflow attacks.

How to Disable Hyper-V in Windows

Microsoft Hyper-V is a type 1 hypervisor that you can install on Windows – including on Windows 10 and Windows Server 2019. In some scenarios, you may need to uninstall Hyper-V on your Windows machine. For example, VMware Workstation and Hyper-V are not compatible when installed on the same machine. The same issues occur with other type 2 hypervisors like VirtualBox.