Behind the Scenes of an Active Breach (Part 2): Evading Defenses

This is Part 2 in a two-part series that examines actions taken by adversaries in a breach. In Part 1, we covered steps taken to establish persistence in the environment. This post will dive into steps the malware took to evade defenses as it disabled security tools, masqueraded as Windows binaries, accessed credential management libraries, and moved laterally […]

Damage from Malicious Admins and Credential Access

Good security sometimes requires us to get back to basics on a number of things, including how we use and secure administrative credentials. Admin accounts enable us to configure all sorts of technologies, from software installations and Windows network controls to WordPress servers. If you can administer it, odds are good that there’s a special […]