
Articles by

Andy Green

Windows Management Instrumentation (WMI) Guide: Understanding WMI Attacks

Windows Management Instrumentation (WMI) is a subsystem of PowerShell that gives admins access to powerful system monitoring tools. Though this system has been designed to allow for fast, efficient system...


What is Fileless Malware? PowerShell Exploited

Fileless malware most commonly uses PowerShell to execute attacks on your system without leaving any traces. This type of attack is also known as a zero-footprint attack and can be...


Sysmon Threat Analysis Guide

In my various pentesting experiments, I’ll pretend to be a blue team defender and try to work out the attack. If you have good security eyes, you can search for...


The No Hassle Guide to Event Query Language (EQL) for Threat Hunting

Did you ever have the urge to put together a few PowerShell scripts to parse and analyze the Sysmon event log in order to create your own threat analysis software?...


Varonis eBook: WMI Events and Insider Surveillance

If you’ve been reading our blog, you know that Windows software can be weaponized to allow hackers to live-off-the-land and stealthily steal sensitive data. Insiders are also aware of the...


Ransomware Meets Its Match With Automated Cyber Defenses

The “good news” about hacking is that while leaving you with potentially enormous incident response costs — customer notifications, legal fees, credit monitoring, class-action suits — your business can still...


Beyond Privacy and DSARs: Public Data Requests (FOI) Are the Law in 50 States

Happy 2020! The New Year brings Californians under the California Consumer Privacy Act (CCPA). CA consumers can ask state-based companies for all relevant data, and to request that companies delete...


Complete Guide to Privacy Laws in the US

Contrary to conventional wisdom, the US does indeed have data privacy laws. True, there isn’t a central federal level privacy law, like the EU’s GDPR. There are instead several vertically-focused...


Insider Threats: Living With WMI Permanent Events

At the end of the previous post in this series, I suggested WMI permanent events, though somewhat complicated, are a more effective way for insiders to conduct surveillance on their...


Active Directory Has a Privacy Problem

Back when I was pen testing with the wonderful PowerView, I was using it to pull user information from Active Directory. At the time I was more interested in gathering...

 
