Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session

X

Articles by

Andy Green

California Consumer Privacy Act (CCPA) and the Future of Data Security Standards

If you’ve been following the blog, you know that the California Consumer Privacy Act, or CCPA, is set to take effect on January 1, 2020. It will establish a new...

Read More

Insider Threats: Stealthy Hacking With WMI (Windows Management Instrumentation)

In looking at Windows features and tools from the perspective of a pen tester, it’s easy to lose sight that Microsoft’s operating system is really, wait for it, impressive. I...

Read More

Insider Threats: Stealthy Password Hacking With Smbexec   

As we’ve been writing about forever, hackers are relying more on malware-free techniques to fly below the radar. They’re using standard Windows software to live off the land, thereby getting...

Read More

Frequently Asked Questions (FAQ): GDPR and HR/Employee Data

As I wrote in another post, HR records are considered personal data and covered under the General Data Protection Regulation (GDPR). Since I keep on hearing from people who should...

Read More

Data Security and Privacy Lessons From Recent GDPR Fines

We’re more than a year into the General Data Protection Regulation (GDPR) era, and we now have a few enforcement actions under our belts as data points. Earlier in 2019,...

Read More

NYS SHIELD Act: Updates to PII, Data Security, and Breach Notification  

After the devastating Equifax incident, the New York State legislature introduced the Stop Hacks and Improve Electronic Data Security or SHIELD Act in order to update the  existing  breach rules....

Read More

Insights into User Entity Behavior Analytics (UEBA)

User Behavior Analytics or UBA was and still is the term for describing searching for patterns of usage that indicate unusual computing activities — regardless of whether it’s coming from...

Read More

We Know About Your Company’s Data: OSINT Lessons for C-Levels

 I’ve been on a mission the last few months to bring basic knowledge about data security to the upper reaches of the organization. Our C-level readers and other executives, who...

Read More

PowerShell for Pentesters: Scripts, Examples and Tips

In case you haven’t noticed, we’ve been championing PowerShell as a pentesting tool in more than a few blog posts. One big reason to learn PowerShell and use it to...

Read More

A Quick Dip into Event Query Language (EQL)

Did you ever have the urge to put together a few PowerShell scripts leveraging the Windows Management Interface (WMI) to create your own file security monitoring package? My advice: wait...

Read More
 

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.