Credential Theft Week 2

Continuing our J2 SOC Manager’s series on credential theft, this week we explore how attackers steal credentials on the local device. Future pieces will discuss other methods and prevention strategies. We hope you enjoy this series and feel free to get in contact us if you have questions, comments or want to further clarity.

Read more: Credential Theft Week 2

  • Hits: 28

Credential Theft Week 1

Our J2 SOC Manager has created a series of pieces around credential theft. In the coming weeks we will unpack several methods of attack. In this, the first in the series, we start with some background information and a dive into attacking passwords in network traffic. Future pieces will discuss other methods and prevention strategies. We hope you enjoy this series and feel free to get in contact us if you have questions, comments or want to further clarity.

Read more: Credential Theft Week 1

  • Hits: 77
Phishing 101

Phishing 101 version 2.0

In a profit driven, ethically unconstrained criminal enterprise like phishing it is not surprising that threat actors have evolved to match the times. Rather than focus on techniques, this article will discuss how phishing applications have changed to match new security standards. It should be noted that only 22% of Microsoft clients have adopted two factor protection, so the traditional phishing attacks are still effective against most small to mid-sized operations. In the case of the enterprise client, we are seeing a transition towards phishing attacks that can seamlessly target two factor protected accounts.

Read more: Phishing 101 version 2.0

  • Hits: 149
PKI Compromise by Default

PKI Compromise by Default

Certificate Authorities. They’re an invisible elephant in the room. They’re the colourless passport stampers that complement your inscrutable active directory certificate processes. The whole thing sounds very grey and bureaucratic, but threat actors and security wizards are looking at the certificate process very closely, and for good reason. Those passports can do quite a lot. In this article we’ll cover a few basic concepts and then look at a new crop of vulnerabilities discovered by the piratical and quite naughty SpectreOps. The aim of this post is not to make you an authority on certificate services, it’s to show you that there are distinct risks in deploying certificate services and provide you with a tool to audit for some of these.

Read more: PKI Compromise by Default

  • Hits: 638

Copyright © 2019 J2 Software | Powered By Cartmell