Blog

Who’s Managing your LAPS Implementation

Written By: Michael Becher

January 07, 2020

In May 2015, Microsoft released a password management tool, the Local Administrator Password Solution (LAPS), to combat the rising abuse of encrypted passwords (which effectively became encoded when Microsoft released the key) stored in Group Policy Preferences, or worse, in cleartext scripts pushed via GPO. Every domain user was able to access these preferences and scripts in the ‘SYSVOL’ share and could obtain the single local administrator password for all machines on the domain, which would provide total lateral movement opportunities within the domain. The unavoidable problem with LAPS is that at least one user has to be able to see the LAPS passwords to administer the process. Who within your domain has this power? You might be surprised at how often this is overlooked, leaving all these passwords available to more users than intended.

How organizations can prepare for and contain the inevitable: a cyber breach

Written By: Tim Jensen

September 12, 2019

It’s not a matter of ‘if’ your organization will experience a cyber-attack, but ‘when’. That’s BSI’s approach to cyber security and information resilience, through either our advisory services or certification and training. We help thousands of organizations around the world embed excellence with a focus on Organizational Resilience. One of the best ways for organizations to manage and protect their information assets is to implement ISO/IEC 27001, the internationally recognized information security management standard. Cyber-attacks are commonplace at this point; the blog post below discusses one of the most recent: an attack on twenty-two local governments in the state of Texas. Unfortunately, this is just the latest in a string of attacks on government entities, which includes the attack on the City of Baltimore earlier this year. Below, Stephen Haywood and Tim Jensen discuss what companies should be aware of, what they need to think about, and what they can do to prepare for data breaches.

Lure: Phishing Target Recon for GoPhish

Written By: Jayme Hancock

August 12, 2019

Phishing is hard. Arguably, the most important part of a successful phishing campaign is ensuring your email actually reaches the right people in the first place. This week I’m releasing Lure, a tool for helping automate target collection on phishing campaigns. 

Ten Useful Burp Suite Pro Extensions for Web Application Testing

Written By: Danielle Wong

June 20, 2019

If you are an Information Security professional, it’s likely you have used Burp Suite by PortSwigger, a proxy tool to intercept, analyze, and alter network traffic. The following is a quick overview of some handy extensions that you can easily add to your current Burp Suite setup.
