Introduction So… Active Directory is amazing. It tells me everything I want to know—a regular Ask Jeeves for the whole domain—but I’m sure there is more that it can do. What else am I missing? In a previous article, I described the Active Directory (AD) service and how a Script Kiddie might use it to…
Read
Introduction It seems like all these corporate types are using Active Directory. What is this “Active Directory”? And how can I use it to make my job as a Script Kiddie easier? Active Directory (AD) is a directory service developed by Microsoft for Windows networks and computers. A directory service is a shared database for…
Read
For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…
Read
Introduction Let’s say an ‘Administrator’ lands on a target network host and wants to look around and ‘administer’ the system without uploading any new tools… How can I do that without burning any of my Script Kiddie tools? WMI or Windows Management Instrumentation or Windows Managed Infrastructure is an interface for managed components that provides…
Read
An organization’s overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of different frameworks for each of these assessment types exist, intended to help both technical teams as well as leadership organize security program building activities. Some of these include: Penetration…
Read
Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by…
Read
Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they…
Read
Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…
Read
Security is evolving. That’s not news, but as it is happening not everyone can keep up with what that means. This is especially true for those who have embraced maturing their risk and security programs, while still getting traditional assessments which have become commoditized and oftentimes not as valuable as they used to be. These…
Read
Too often organizations spend their security budget in ways that don’t necessarily make the most sense for them. Whether this be purchasing unnecessary appliances or securing an overly broad area, wasting valuable and often scarce security dollars isn’t good for anyone, except perhaps those providing the unnecessary services. A risk assessment, as the name suggests,…
Read