Exploring Data Exfiltration

Data exfiltration is a concern for most organizations. Protecting your data from prying eyes is hard enough but keeping it on your network; now that’s a challenge. With technology continuing to advance, we are forever moving to cloud this and cloud that. Because we can’t live in a world with only using one company, our data is scattered around the web like nobodies business.

The not so isolated risk of legacy systems

Unfortunately, in today’s world, it is not just Vladimir Putin running Windows XP. Many continue to run the risk of keeping legacy systems within their production environment. I imagine for most; this has run through some sort of internal process where the risk has been accepted. If you yourself work within IT, it would be … Continue reading The not so isolated risk of legacy systems

Living Off The Land: Suspicious System32

The services below are some of the most commonly abused services for malicious parties to "live of the land". Each are built into Windows and inherit trust by default. Because of this, security controls won't ever be able to fully isolate them without affecting the operating system. For example, your endpoint protection can't block command prompt and Powershell because engineers use them for automation tasks, nor can it block task scheduler or certuitl.......