In recently released Update 1 for InTrust 11.4.1 there is a hidden gem – Suspicious process was started rule, it allows detection of hidden steps that ransomware and malware would do to achieve persistence, hide their tracks and disable protection…
In recently released Update 1 for InTrust 11.4.1 there is a hidden gem – Suspicious process was started rule, it allows detection of hidden steps that ransomware and malware would do to achieve persistence, hide their tracks and disable protection…
In my previous blog posts, I gave two examples of a privileged user could easily hose your Active Directory: by changing deny logon rights and by erasing the DNS entries on a domain controller.
You might be thinking those are just hypothetical scenarios…
In my previous blog post, I brought up a subject many of us would just as soon not think about: how easily a privileged user can totally hose your Active Directory. I described one method there (changing deny logon rights) and promised two more. Ready…
Not long ago, I was talking to an IT pro whose Active Directory went down suddenly one day. He couldn't determine the root cause, so this was his recovery plan:
Reboot, restore, and then resign.
While not all IT pros will be quite so ready to fall…
