The recently released Update 1 for InTrust 11.4.1 contains a hidden gem: the "Suspicious process was started" rule, which detects the hidden steps that ransomware and malware take to achieve persistence, hide their tracks and disable protection…
The cyber-security community is buzzing about this recently unveiled vulnerability in the Windows Text Services Framework.
"Project Zero: Down the rabbit hole" https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html by a security researcher…
In my previous blog post, I brought up a subject many of us would just as soon not think about: how easily a privileged user can totally hose your Active Directory. I described one method there (changing deny logon rights) and promised two more. Ready…
Not long ago, I was talking to an IT pro whose Active Directory went down suddenly one day. He couldn't determine the root cause, so this was his recovery plan:
Reboot, restore, and then resign.
While not all IT pros will be quite so ready to fall…
In my previous blog posts, I gave two examples of how a privileged user could easily hose your Active Directory: by changing deny logon rights and by erasing the DNS entries on a domain controller.
You might be thinking those are just hypothetical scenarios…