Skip to main content

Credential Theft Week 3

Continuing our J2 SOC Manager’s series on credential theft, this week we touch on some things you should be doing to protect yourself. We hope that you have found the first few pieces helpful and please feel free to get in contact us if you have questions, comments or want to further clarity. After our previous pieces explored several methods that the cyber criminals will use to steal your credentials, let’s shift our focus on some of the way you can protect you and your business.

Read more …Credential Theft Week 3

  • Hits: 351

Credential Theft Week 2

Continuing our J2 SOC Manager’s series on credential theft, this week we explore how attackers steal credentials on the local device. Future pieces will discuss other methods and prevention strategies. We hope you enjoy this series and feel free to get in contact us if you have questions, comments or want to further clarity.

Read more …Credential Theft Week 2

  • Hits: 399

Credential Theft Week 1

Our J2 SOC Manager has created a series of pieces around credential theft. In the coming weeks we will unpack several methods of attack. In this, the first in the series, we start with some background information and a dive into attacking passwords in network traffic. Future pieces will discuss other methods and prevention strategies. We hope you enjoy this series and feel free to get in contact us if you have questions, comments or want to further clarity.

Read more …Credential Theft Week 1

  • Hits: 409

Phishing 101 version 2.0

In a profit driven, ethically unconstrained criminal enterprise like phishing it is not surprising that threat actors have evolved to match the times. Rather than focus on techniques, this article will discuss how phishing applications have changed to match new security standards. It should be noted that only 22% of Microsoft clients have adopted two factor protection, so the traditional phishing attacks are still effective against most small to mid-sized operations. In the case of the enterprise client, we are seeing a transition towards phishing attacks that can seamlessly target two factor protected accounts.

Read more …Phishing 101 version 2.0

  • Hits: 700

PKI Compromise by Default

Certificate Authorities. They’re an invisible elephant in the room. They’re the colourless passport stampers that complement your inscrutable active directory certificate processes. The whole thing sounds very grey and bureaucratic, but threat actors and security wizards are looking at the certificate process very closely, and for good reason. Those passports can do quite a lot. In this article we’ll cover a few basic concepts and then look at a new crop of vulnerabilities discovered by the piratical and quite naughty SpectreOps. The aim of this post is not to make you an authority on certificate services, it’s to show you that there are distinct risks in deploying certificate services and provide you with a tool to audit for some of these.

Read more …PKI Compromise by Default

  • Hits: 785