Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session

X

IT Pros

Articles

What is SAML and How Does it Work?

Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). What that jargon means is that you can...

Read More

Koadic: Pen Testing, Pivoting, & JavaScripting, Part II

Mshta and rundll32, the Windows binaries that Koadic leverages, have been long known to hackers. If you take a peek at Mitre’s ATT&CK database, you’ll see that rundll32 has been...

Read More

CISM vs. CISSP Certification: Which One is Best for You?

It’s a perfect time to be CISM or CISSP certified, or have any cybersecurity certification: according to Gartner, the unemployment rate for cybersecurity professionals is zero – as in there...

Read More

Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server, Part I

In my epic series on Windows binaries that have dual uses– talkin’ to you rundll32 and mshta — I showed how hackers can stealthy download and launch remote script-based malware....

Read More

The Malware Hiding in Your Windows System32 Folder: More Rundll32 and LoL Security Defense Tips

When we left off last, I showed how it’s possible to run VBScript directly from mshta. I can play a similar trick with another LoL-ware binary, our old friend rundll32....

Read More

Verizon 2018 DBIR: Phishing, Stolen Passwords, and Other Cheap Tricks

Like the rest of the IT security world last week, I had to stop everything I was doing to delve into the latest Verizon Data Breach Investigations Report. I spent...

Read More

Women in Tech: The Anatomy of a Female Cybersecurity Leader

Cybersecurity has a gender gap. According to the 2017 Women in Cybersecurity study, a joint venture between the Center for Cyber Safety and Education and the Executive Women’s Forum on...

Read More

Adventures in Fileless Malware, Part V: More DDE and COM Scriplets

In this series of post, we’ve been exploring attack techniques that involve minimal efforts on the part of hackers. With the lazy code-free approach I introduced last time, it’s even possible to...

Read More

Adventures in Fileless Malware, Part IV: DDE and Word Fields

For this next post, I was all ready to dive into a more complicated fileless attack scenario involving multiple stages and persistence. Then I came across an incredibly simple code-free...

Read More

12 Ways Varonis Helps You Manage Mergers and Acquisitions

A well-constructed Merger & Acquisition (M&A) playbook reduces the overall time, cost and risk of the upcoming merger and/or acquisition. Gartner advises that organizations who intend to grow through acquisitions...

Read More
 

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.