When the manual is not enough – runas /netonly, Unexpected Credential Exposure and the Need for Reality Based Holistic Threat Models

One of the things I always advocate for IT professionals and defenders is that, rather than letting penetration testers and real attackers find the holes in their systems, they seriously contemplate how they would bypass their own defenses. Your adversaries are more than willing to spend time learning the apps and defenses you have in…


Local Administrator Password Solution (LAPS) Implementation Hints and Security Nerd Commentary (including mini threat model)

I did a guest post over on the Ask PFE Platforms blog about the Local Administrator Password Solution (LAPS) this week. You can check it out here: http://blogs.technet.com/b/askpfeplat/archive/2015/12/28/local-administrator-password-solution-laps-implementation-hints-and-security-nerd-commentary-including-mini-threat-model.aspx -Jessica @jepayneMSFT


Tracking Lateral Movement Part One – Special Groups and Specific Service Accounts

Lateral Movement – an attacker moving from one compromised host through your domain until they find what they are looking for – is something we see just about all attackers doing during a compromise. I’ve talked a lot about this attacker behavior and how to stop it – strong protective controls can serve…


Monitoring what matters – Windows Event Forwarding for everyone (even if you already have a SIEM.)

Last week at Ignite Australia I presented a session (available here) on something I don’t think gets talked about enough – Windows Event Forwarding, or WEF. (Edit: I’ve also since done an in-depth Microsoft Virtual Academy session on Event Forwarding!) Often when we engage for an Incident Response, we find the customer: Has no centralized…


What should I know about security? The massive list of links post.

I maintain a list of links I call “security stuff every Microsoft customer should know” that I send to every customer I visit. The list ranges from basic items to more in-depth security knowledge, and is now available even if I haven’t visited you. 🙂 You might want to bookmark this page, as it will…
