Having your Active Directory breached is bad enough, but an attacker who gains persistence is even more dangerous. The longer they are able to hide in your Active Directory forest, the better chance they have of gaining access to your organization’s crown jewels. Undetected, they can comfortably wait for the most opportune time to take control, stealing your organization’s most sensitive data and...

Vulnerability scanners are valuable tools that search for and report on what known vulnerabilities are present in an organization’s IT infrastructure. Using a vulnerability scanner is a simple, but critical security practice that every organization can benefit from. These scans can give an organization an idea of what security threats they may be facing by giving insights into potential security...

Cybersecurity has become an increasingly popular topic in day-to-day conversation, and the conclusion is always the same: organizations need to make cybersecurity a priority and work to create the best security strategy possible. However, there’s a big difference between understanding what you need versus knowing how to get it. Many organizations are still in the early stages of developing and...

What is Intelligent IAM?Intelligent IAM (IIAM) encompasses all the administrative processes used in Identity and Access Management (IAM), but the processes are influenced by real‐time data. IAM solutions that use intelligence continuously collect, monitor, and analyze large volumes of identity and access‐related information, combining data not only from provisioning and governance solutions but...

If you’re like most IT or security professionals, it seems harder than ever to manage the complexity of user access. Keeping track of access rights, roles, accounts, permissions, entitlements, credentials, and privileges is a never ending—and sometimes thankless—proposition. And it’s riskier than ever before. In fact, according to the 2021 Cost of a Data Breach Report, compromised credentials are...

Core Security’s comprehensive penetration testing tool, Core Impact, can now import data from two additional vulnerability scanners: Fortra VM (formerly Frontline VM) and beSECURE. Both vulnerability assessment and management solutions were recently acquired by Fortra to establish a comprehensive security assessment toolkit. By adding integration with these solutions, Core Impact can further...

In the first two parts of this series, we covered how attackers may attempt to gain persistence in Active Directory by forging Kerberos tickets or through domain replication abuse, and also discussed strategies to detect these methods. In this part, we’ll touch on a few more techniques: AdminSDHolder and SDProp abuse, SID History attacks, and skeleton key attacks. AdminSDHolder Container and...

In part one of this series, we discussed how attackers may attempt to gain persistence in Active Directory by forging Kerberos tickets, as well as ways to detect these efforts. In this part, we’ll discuss another method attackers may use: domain replication abuse. The DCSync Attack Domain replication, or DCSync, is a feature that was first intended to be used by Domain Controllers. Requesting a...

Security Information and Event Management (SIEM) solutions are known for their ability to provide visibility into IT environments by monitoring data sources for unusual activity and contextualizing them for security insights. According to the 2021 SIEM Report by Cybersecurity Insiders, 76% of cybersecurity professionals surveyed reported that SIEM improved their ability to detect threats. But what...

Did you know that, on average, 15 million residents in the U.S. are affected by identity theft and upwards of $50 billion are stolen each year? During the holiday season we hear a lot about keeping your identity safe when shopping online or in retail stores across the country, or even across the world. Why? The most obvious reasons are that your money can be stolen and in turn, your credit ruined...

As organizations have made the transformational shift to a remote and hybrid workforce, IT and security teams are feeling increased pressure to better manage access to sensitive data and systems. The rise of a remote and expanded workforce has put additional strain on organizations and increased the potential for identity-related access risks. To combat these access risks, identity and access...

Did you know the first instance of ransomware was in 1989? Though we’ve moved on from floppy disks containing malware and cashier’s checks used to pay attackers, we are far from moving past ransomware. Instead, ransomware has become more streamlined, and is one of the most popular tools of both amateur and expert threat actors. Just about anyone can purchase a ransomware strain off the dark web or...

Vulnerabilities can be found in just about any type of software—and even some pieces of hardware. Threat actors are all too eager to take advantage of these vulnerabilities, leveraging them to gain access to or escalate privileges in an organization’s IT infrastructure. When these vulnerabilities are discovered before the vendor is aware, these are known as zero-day threats. Since these are...

The PrintNightmare flaw is aptly named—the serious remote code execution vulnerability in the Microsoft Windows Print Spooler service, CVE-2021-34527, can give an attacker the keys to the kingdom.