Unsigned LDAP Channel Binding Attacks- How to Mitigate Without Breaking Production:

  • Unsigned LDAP Channel Binding Attacks- How to Mitigate Without Breaking Production:

    In March 2020 Microsoft published a patch that is supposed to help prevent unsigned LDAP channel binding attacks on Domain Controllers (DC). In this article, we’ll dive into the attack and what

  • Webinar: Windows 2019 Hardening: Ensuring CIS compliance while avoiding production outages.

    Server hardening is often a demand presented by security teams and regulators. Implementing a secure baseline, which often needs to align with best practices such as CIS Benchmarks, is hard and

  • Preventing LDAP Reconnaissance- The First Step of AD Attacks

    Due to the architecture of Active Directory, once a domain-joined computer is breached, the attacker is able to map the network, locate sensitive accounts and assets, and estimate vulnerabilities. The process

  • Windows 2019 hardening webinar: Ensuring CIS Compliance While Avoiding Production Outages

    Windows 2019 Hardening: Ensuring CIS Compliance While Avoiding Production Outages. We are happy to announce our collaboration with TopQore - Windows 2019 Webinar. When? 14 May 2020 at 4PM CET. (Amsterdam

  • Domain controller: LDAP server signing requirements

    LDAP signing increases security in communication between LDAP clients and Active Directory domain controllers. LDAP signing is a Simple Authentication and Security Layer (SASL) feature, as part of the LDAP protocol

  • Why NTLMv1 will always be vulnerable to NTLM Relay attacks

    NTLM is one of the most iconic and common attacks on Active Directory environments. In this attack, the attacker (Relayer) captures an authentication and passes it to their desired server. This

  • Ryuk Ransomware is Targeting Hospitals

    The Ryuk ransomware operators continue to target hospitals despite the Corona Virus and the massive loads they have to cope with. According to BleepingComputer, only two of the ransomware groups they’ve

  • Remote Connection from a Server Hardening Perspective

    The new reality demands that organizations be creative to keep the business running. Having the ability to allow employees to work from home is becoming essential for business survival. Even

  • Mitigating Type 1 Font Parsing Remote Code Execution Vulnerability for Windows

    A new critical vulnerability in Microsoft Adobe Type Manager Library was discovered after investigating several Windows 7 based attacks. Microsoft is aware of this issue but hasn’t published any update to

  • TrickBot RDP Brute Force Attack

    A new module in the known TrickBot attack has now been discovered. The new development allows attackers to leverage compromised systems and launch a brute force attack against Windows systems running

  • RDS: Do Not Allow Drive Redirection

    POLICY DESCRIPTION: This policy specifies whether to prevent the mapping of client drives in a Remote Desktop Services session. By default, an RD Session Host server maps client drives automatically

  • SMBv3 wormable vulnerability

    A critical remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) was disclosed by Microsoft. This vulnerability was reported as wormable, which makes it even more disturbing. With WannaCry still
