The services below are some of the most commonly abused services for malicious parties to "live of the land". Each are built into Windows and inherit trust by default. Because of this, security controls won't ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can't block command prompt and Powershell because engineers use them for automation tasks, nor can it block task scheduler or certuitl.......
Hacking With Powershell: Malware
With malicious parties continuing to use Powershell as their way in, I thought I would look into how it's being used and what can be done to prevent it. This is something I've covered before, so think of this as a part 3............
What’s This About Zoom?
Zoom has helped millions stay in connect during these hard times and you can see why it was the preferred option. Other services such as Webex or Skype are just too clunky and in my opinion, the simplicity of Zoom was........
PSWatcher – Now Automated
Read the article here: https://securethelogs.com/pswatcher-3/
Windows Defender: Why Check Your Exclusions
Windows Defender is integrated with Windows 10, so it's no wondering it's up there for the most popular Anti-virus solution. Once you login to your new Windows 10 machine, it's pretty much ready to go. The plus side is that Defender is a pretty solid AV and if you look at Gartner, they even rate them as the best......
Fake GOV_UK SMS Fines Being Sent
This morning, several people are reporting that they had received a text message reporting that they had been fined. These are fake as at this moment in time, the above SMS has been the only confirmed SMS message that has been sent out by the Government.....
Malicious Parties Phishing With The “Corona Cure”
As the pandemic continues, we are all looking for the latest information or data in order to keep ourselves and our family’s safe. You would have most likely seen an increase in emails from all the companies you associate with, giving you an update on what they are doing during this crisis.....
Bypass AzureAD Administration Portal Restriction
The security of active directory will always be a hot topic. AD contains all your identities/structure and isn’t something you want anyone accessing. In traditional models, a common threat was that your users could query AD using net /domain commands.....
Microsoft Azure: Securing Public RDP
Security professionals have been trying to flag the risks of public facing RDP for years. Despite all the news articles and tweets, the volume of public RDP remains high.....
Why Control PowerShell In Azure
PowerShell brings automation and automation can be key to running an environment. The problem is, if it isn’t controlled, “automation” can be used against you......
Obfuscation With PowerShell
Malicious parties might chose to encode their commands or scripts. The reason why is that if your auditing isn't up to scratch, it may go unseen. In some cases it can also help bypass the AV....
