Active Directory
Open-source penetration testing tool BloodHound CE released
SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory …
Why organizations should control Active Directory permissions
In this Help Net Security video, Matthew Vinton, Strategic Systems Consultant at Quest Software, illustrates the importance of regularly analyzing, controlling and adapting …
36% of orgs expose insecure FTP protocol to the internet, and some still use Telnet
A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, the ExtraHop Benchmarking …
Review: Enzoic for Active Directory
Data breaches now happen so often that we don’t even pause when reading yet another headline notifying us of the latest one. We react only if the breach happened to a service …
Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)
May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) …
Good end user passwords begin with a well-enforced password policy
In this interview with Help Net Security, Lori Österholm, CTO at Specops Software, explains what makes passwords vulnerable and suggests some password best practices and …
The security gaps that can be exposed by cybersecurity asset management
Cybersecurity asset management does not come with the excitement following the metaverse, blockchain, or smokescreen detection technologies, but it is essential for the …
Guarding against DCSync attacks
Gaining access to domain admin credentials is part of the endgame in many sophisticated attacks where threat actors are trying to maintain persistence. One of the ways that …
Active Directory control: How adversaries score even bigger goals via attack paths
Microsoft Active Directory and Azure Active Directory are directory services products used for identity and access management at most major enterprises all over the world. All …
Obstacles and threats organizations face when protecting AD
Attivo Networks announced the availability of a research report conducted by Enterprise Management Associates (EMA) which focuses on Active Directory (AD), exploring the …
Attivo Networks ThreatStrike functionality helps hide real credentials from attacker tools
Attivo Networks announced a new way of protecting credentials from theft and misuse. As part of its Endpoint Detection Net (EDN) Suite, the ThreatStrike functionality allows …
Finding and using the right cybersecurity incident response tools
Unpacking the layers of a cyberattack is rarely a simple task. You need to analyze many potential entry points, attack paths, and data exfiltration tactics to reveal the scope …
Featured news
Resources
Don't miss
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests
- Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
- Hackers pose as employers to steal crypto, login credentials
- Unknown and unsecured: The risks of poor asset visibility