December 20, 2023 | Ilia Sotnikov

Information Security Policy: Must-Have Elements and Tips

Organizations often create multiple IT policies for a variety of needs: disaster recovery, data classification, data privacy, risk assessment, risk management and so on. These documents are usually interconnected and provide a framework for the company to set values to guide...
August 4, 2023 | Ilia Sotnikov

The Importance of Security Risk Assessments and How to Conduct Them

IT risk assessments are vital for cybersecurity and information security risk management in every organization today. By identifying threats to your IT systems, data and other resources and understanding their potential business impacts, you can prioritize your mitigation efforts to avoid costly...
July 31, 2023 | Dirk Schrader

Lateral Movement: Attackers Techniques and Best Practices for Defending Your Organization

Introduction: Even if you have implemented a Zero Trust security paradigm for network and infrastructure security, you need to plan for the inevitable — at some point, an attacker will get into your network with the intent to deploy ransomware or cause other damage. A typical attack...
July 6, 2023 | Joe Dibley

Detecting Advanced Process Tampering Tactics with Sysmon v13

Sysmon is a component of Microsoft’s Sysinternals Suite, a comprehensive set of tools for monitoring, managing and troubleshooting Windows operating systems. Version 13 of Sysmon introduced monitoring for two advanced malware tactics: process hollowing and herpaderping. This article...
February 17, 2023 | Joe Dibley

A Guide to Active Directory Linked Attributes

The Active Directory linked attribute is a special type of Active Directory attribute that is used to describe relationships between objects. This post explains what linked attributes are and how they work. What makes...
January 27, 2023 | Joe Dibley

Covenant C2 Fills the Void Left by Empire PowerShell

Post-exploitation tools are used by threat actors to move laterally inside a network and escalate their privileges in order to steal data, unleash malware, create backdoors and more. Red teams and ethical hackers also use these tools; indeed, simulating the efforts of adversaries plays a key role...
December 20, 2022 | Dirk Schrader

Event Log Monitoring and Log Audit Software Basics

Event logs can help you spot and troubleshoot security events so you can protect your systems and data. However, log records can be hard to read, and logs so noisy that you often have to sift through pages of events to identify critical events and potential threats. Read on to learn...
December 16, 2022 | Joe Dibley

Covenant C2 Framework: The Complete Tutorial

Covenant is one of the latest and greatest command and control (C2) post-exploitation frameworks. This post will walk you through the process of configuring Covenant and using it to execute payloads on compromised hosts. Note: This post demonstrates the capabilities of Covenant as of...
December 16, 2022 | Joe Dibley

How NTFS Alternate Data Streams Introduce Security Vulnerability

You may not be familiar with NTFS file streams, but you use them every day when you access files on any modern Windows system. This blog post explains this feature of NTFS ADS, shows how hackers can exploit file stream functionality in cyberattacks, and offers strategies for defending your...
November 3, 2021 | Dirk Schrader

Introduction to Cloud Hardening

Storing sensitive data in the cloud greatly expands your attack surface area — and adversaries are seizing the opportunities that cloud adoption presents. In fact, a 2022 Netwrix survey found a 10% increase in attacks targeted at cloud infrastructure.