Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session

X

Articles by

Andy Green

Inside the World of Insider Threats, Part I: Motivation

As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in...

Read More

Interview With NYU-Poly’s Professor Justin Cappos: Security Lessons From Retail Breaches

I had the chance to talk with cyber security expert Justin Cappos last month about the recent breaches in the retail sector. Cappos is an Assistant Professor of Computer Science...

Read More

Microsoft Fixes A Kerberos Silver Ticket Vulnerability

Note: This post has created a bit of controversy among the security illuminati! A post on Still Passing the Hash Blog 15 Years Later explains the issues. I think a...

Read More

Are You Smarter Than a Hacker? [CONTEST]

They’ve broken into the largest retailers, key government agencies, and major social media companies, stealing tens of millions of credit card numbers, email addresses, and sensitive data. They’re experts at...

Read More

How to Be Your Own Best Password Generator

Let’s face it people, we’re bad at coming up with our own passwords. They’re too short, too obvious, and hackers have gotten very good at breaking them —either by outright guessing...

Read More

Phishing Attacks Classified: Big Phish vs. Little Phishes

The CMU CERT team I referred to in my last post also has some interesting analysis on the actual mechanics of these phishing attacks. Based on reviewing their incident database, the...

Read More

In Search of Kerberos’s Golden Ticket

In a Kerberos environment, all users get tickets, or more specifically TGTs (Ticketing Granting Tickets). It’s the starting point for gaining access to services—network files, email, apps, etc.  In Windows,...

Read More

Kerberos Weaknesses: Pass the Ticket Is a Real Threat

August is always a good time to check up on the dark side.  Black Hat had its annual conference earlier this month, and there are always presentations worth looking at....

Read More

Authentication Lessons From the Magic Kingdom: A Closer Look at Kerberos, Part II

Let’s continue our journey into the Magic Kingdom as a way to explore Kerberos. Sure the comparison doesn’t completely track, but it’s close and easy enough to grasp that I...

Read More

Top Five Most Dangerous Software Errors

Over the years, Mitre, the MIT research group, has been analyzing software bugs and missteps that hackers have been able to exploit. Their Common Vulnerabilities and Exposures (CVE) classifications are...

Read More
 

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.