Practical Attacks against NTLMv1

1.1 Introduction: This blog is meant to serve as a guide for practical exploitation of systems that allow for the NTLMv1 authentication protocol. While NTLMv1 is hardly ever needed anymore, a surprising number of organizations still use it, perhaps unknowingly. There are, however, some VPN products that still instruct their users to downgrade NTLM…

The post Practical Attacks against NTLMv1 appeared first on TrustedSec.

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human error. New IBM […]

The post Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments appeared first on Security Intelligence.

Detection and Alerting: Selecting a SIEM

Summary: Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and application logs (including custom applications). This focuses on Security Operations and does not include the engineering side of SIEM management, e.g., licensing, hardware/cloud requirements, retention needs, etc. Each component of the…

The post Detection and Alerting: Selecting a SIEM appeared first on TrustedSec.

High-School Graduation Prank Hack

This is a fun story, detailing the hack a group of high school students perpetrated against an Illinois school district, hacking 500 screens across a bunch of schools.

During the process, the group broke into the school’s IT systems; repurposed software used to monitor students’ computers; discovered a new vulnerability (and reported it); wrote their own scripts; secretly tested their system at night; and managed to avoid detection in the school’s network. Many of the techniques were not sophisticated, but they were pretty much all illegal…

Can your passwords withstand threat actors’ dirty tricks?

Password security hinges on the answer to that seemingly simple question. Unfortunately, you can’t know the answer until you’ve engaged a ruthless penetration tester to find out if your environment can stand up to the frighteningly good password cracki…

Sliver offensive security framework increasingly used by threat actors

The offensive security tool used by penetration testers is also being used by threat actors from the ransomware and cyberespionage spheres.
The post Sliver offensive security framework increasingly used by threat actors appeared first on TechRepublic.

SquarePhish: Advanced phishing tool combines QR codes and OAuth 2.0 device code flow

In this Help Net Security video, Security Consultant Kam Talebzadeh and Senior Security Researcher Nevada Romsdahl from Secureworks, showcase SquarePhish, a tool that combines QR codes and OAuth 2.0 device code flow for advanced phishing attacks. Squar…

AWSGoat: Easy to deploy vulnerable AWS infrastructure for pentesters

Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. S…