LAPS (Local Administrator Password Solution)

> Writing up a new post on ransomware activity and dropping some instructions on risk mitigation. Not using Microsoft LAPS to randomize local admin passwords? Here is an approach on how to implement in active directory environments: https://t.co/srEWPBEMif — Root (@rootsecdev) November 11, 2020 [https://twitter.com/rootsecdev/status/1326542258359840769?ref_src=twsrc%5Etfw]

The repo is here: rootsecdev/Microsoft-Blue-Forest ("Creating a hardened “Blue Forest” with Server 2016/2019 Domain Controll…")
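A quick way to check whether LAPS is actually doing its job once deployed, as an added example (this is not code from the page or from the Microsoft-Blue-Forest repo). It assumes the RSAT ActiveDirectory module on the machine you run it from, and that the legacy Microsoft LAPS schema extension (the `ms-Mcs-AdmPwd` / `ms-Mcs-AdmPwdExpirationTime` computer attributes) has been applied; the OU distinguished name at the end is a placeholder.

```powershell
# Added example, not from the page or the Microsoft-Blue-Forest repo.
# Assumes: RSAT ActiveDirectory module, and the legacy LAPS schema attributes
# (ms-Mcs-AdmPwd, ms-Mcs-AdmPwdExpirationTime) already present on computer objects.
Import-Module ActiveDirectory

# Every enabled computer, with the LAPS expiry attribute. The attribute is a
# Windows FILETIME (int64); it is only populated once the LAPS client has set a
# password on that machine, so an empty value means LAPS never ran there.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' `
    -Properties 'ms-Mcs-AdmPwdExpirationTime', 'OperatingSystem'

$nowFileTime = (Get-Date).ToFileTimeUtc()

$report = foreach ($c in $computers) {
    $exp = $c.'ms-Mcs-AdmPwdExpirationTime'
    [pscustomobject]@{
        Name       = $c.Name
        OS         = $c.OperatingSystem
        State      = if (-not $exp) { 'NoLapsPassword' }
                     elseif ([int64]$exp -lt $nowFileTime) { 'Expired' }
                     else { 'Current' }
        ExpiresUtc = if ($exp) { [DateTime]::FromFileTimeUtc([int64]$exp) } else { $null }
    }
}

# Summary counts, then the machines that still need attention.
$report | Group-Object State | Select-Object Name, Count
$report | Where-Object State -ne 'Current' | Sort-Object Name | Format-Table -AutoSize

# Second check: who is allowed to read the clear-text password on an OU. This
# uses the AdmPwd.PS module that ships with LAPS; the OU DN is a placeholder.
# Find-AdmPwdExtendedRights -Identity 'OU=Workstations,DC=corp,DC=example'
```

Machines reporting `NoLapsPassword` are the ones still carrying whatever local administrator password was baked into the image, which is exactly the shared credential the ransomware operators in the thread rely on for lateral movement; `Expired` entries usually mean the LAPS client-side extension is missing or the GPO is not applying. The extended-rights check matters because anyone who can read `ms-Mcs-AdmPwd` on an OU effectively holds local admin on every computer in it.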

Lateral Movement to the Cloud with Pass-the-PRT

> I'm a bit surprised that Microsoft doesn't publish guidance around Pass-the-PRT? - I'm confident that this attack will be used a lot in the future, so why wait until it is known? Remember Pass the Hash? It took years until we got a proper guidance for it. https://t.co/lEHu3v3CQF — Huy (@DebugPrivilege) November 10, 2020 [https://twitter.com/DebugPrivilege/status/1326123907028570114?ref_src=twsrc%5Etfw]

Lateral Movement to the Cloud | Pass-The-PRT | What Is It & Protecting Yourself: "New researc…"

Defending against Ryuk

A great Twitter thread here for network defenders to have a look over.

> https://t.co/ud34znBUwS Take a look at these 15 steps in the post-exploitation phase of the attack and figure out how you can detect more of this activity on your network. It’s not just the Ryuk ransomware threat - these are common tactics that defenders can turn into detections pic.twitter.com/MC4WH7e9WW [https://t.co/MC4WH7e9WW] — Randy Pargman (@rpargman) November 8, 2020 [https://twitter.com/rpargman/status/1325478972…

(Microsoft) Zero Trust Deployment Center

Useful guidance for planning and implementing a Zero Trust deployment:

Zero Trust Deployment Center: "The Zero Trust model assumes a breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to never trust and to always verify." (Microsoft Docs, garycentric) [https://docs.microsoft.com/en-us/security/zero-trust/?wt.mc_id=AID2409700_QSG_PD_SCL_490670&ocid=AID2409700_QSG_PD…

Scary NAT bypass technique

> I've released NAT Slipstreaming, a spooky new technique that allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website. https://t.co/UlOnJPftTv Happy Halloween! pic.twitter.com/xorDXoh2uk [https://t.co/xorDXoh2uk] — Samy Kamkar (@samykamkar) October 31, 2020 [https://twitter.com/samykamkar/status/1322671073893126144?ref_src=twsrc%5Etfw]

You can read about it on Samy's website here: Samy Kam…
