Tag: Security incident

The Center for Internet Security (CIS) offers Critical Security Controls (CSCs) that help organizations improve cybersecurity. CIS CSC 17 covers incident response and management. (In earlier versions of the CIS controls, handling of security incidents was covered in Control 19.) CIS CSC 17...

Attackers frequently rely on lateral movement techniques to infiltrate corporate networks and obtain privileged access to credentials and data. In particular, one common technique is pass-the-hash: Hackers use stolen password hashes to authenticate as a user without ever having the user's...

Mimikatz has become the standard tool for extracting passwords and hashes from memory, performing pass-the-hash attacks, and creating domain persistence through Golden Tickets.  Let’s take a look at how easy Mimikatz makes it to perform pass-the-hash and other authentication-based...

This last week, a thread in Spiceworks discussed a rogue sys admin that had come back to haunt this company. I read through the different threads and one in particular jumped out at me: “You people sound like a bunch of cops. Don’t you trust anyone? In order to trust someone, you must be...

This should be no revelation to IT professionals: you have to regularly monitor changes occurring in your network – and mainly for two reasons. The first one is this: continuous monitoring will take pain off meeting compliance requirements and surviving auditor’s visits. The second reason to...

It is hard to keep up with all of the various computer security incidents occurring daily. One can't help but wonder if more incidents are being reported and spreading through social media and internet news or if more incidents are taking place. It is likely both. The good news is, over the last...