Articles by
Andy Green

Andy blogs about data privacy and security regulations. He also loves writing about malware threats and what they mean for IT security.
Windows Management Instrumentation (WMI) Guide: Understanding WMI Attacks
Windows Management Instrumentation (WMI) is a subsystem of PowerShell that gives admins access to powerful system monitoring tools. Though this system has been designed to allow for fast, efficient system...
What is Fileless Malware? PowerShell Exploited
Fileless malware most commonly uses PowerShell to execute attacks on your system without leaving any traces. This type of attack is also known as a zero-footprint attack and can be...
Sysmon Threat Analysis Guide
In my various pentesting experiments, I’ll pretend to be a blue team defender and try to work out the attack. If you have good security eyes, you can search for...
The No Hassle Guide to Event Query Language (EQL) for Threat Hunting
Did you ever have the urge to put together a few PowerShell scripts to parse and analyze the Sysmon event log in order to create your own threat analysis software?...
Varonis eBook: WMI Events and Insider Surveillance
If you’ve been reading our blog, you know that Windows software can be weaponized to allow hackers to live-off-the-land and stealthily steal sensitive data. Insiders are also aware of the...
Ransomware Meets Its Match With Automated Cyber Defenses
The “good news” about hacking is that while leaving you with potentially enormous incident response costs – customer notifications, legal fees, credit monitoring, class-action suits – your business can still...
Beyond Privacy and DSARs: Public Data Requests (FOI) Are the Law in 50 States
Happy 2020! The New Year brings Californians under the California Consumer Privacy Act (CCPA). CA consumers can ask state-based companies for all relevant data, and to request that companies delete...
Complete Guide to Privacy Laws in the US
Contrary to conventional wisdom, the US does indeed have data privacy laws. True, there isn’t a central federal level privacy law, like the EU’s GDPR. There are instead several vertically-focused...
Insider Threats: Living With WMI Permanent Events
At the end of the previous post in this series, I suggested WMI permanent events, though somewhat complicated, are a more effective way for insiders to conduct surveillance on their...
Active Directory Has a Privacy Problem
Back when I was pen testing with the wonderful PowerView, I was using it to pull user information from Active Directory. At the time I was more interested in gathering...