
After a recent success as a keynote speaker, Paula returns to the RSA Conference series with another valuable cybersecurity speech. Her session on July 18th covered “Fatal signs: 10 symptoms when you think you’ve been hacked”.

>> Scroll down to view slides and tools from Paula’s session and gain even more valuable knowledge >>>

As the new malware trends evolved during the last year, trying to blend in day-to-day admin operations or using machine learning to make malware harder to analyze, we must be prepared to face new threats more effectively. We all need the mandatory list of places to check in case of being hacked, or at least when we are in doubt. There are OS behaviors that could indicate something is currently active, but how can we spot exactly what that is?

This and more were the subjects of today’s session, so now you should be familiar with the places where malicious software can deliberately hide data, aware of the hacking symptoms and of the tools and techniques to spot such activities, and well instructed in how to prevent hackers from exploiting the discussed OS areas.

About the Conference

The RSA Conference connects businesses with the cybersecurity industry’s most forward-thinking leaders. During the conferences, participants get the best tips on how to protect their companies and how to stay ahead of cybersecurity threats. This year’s theme of the event is “Better”. What’s hidden behind this theme? Searching for better solutions, making better connections with peers and making the world a better place, by keeping it secure.

Paula’s presentation slides can be found HERE

Download the tools HERE (Password: CQUREAcademy#123!)

If you have any questions please drop us a message via our contact form.


Do you know that 87% of breached companies did not have security policies and did not even implement any security awareness education program for employees?

If you took part in Paula Januszkiewicz’s keynote session at the RSA Conference in Singapore, then you probably already know this – and many more industry insights!

If you didn’t have the chance, then it’s high time to see her presentation! 

>>> Scroll down to view slides and tools from Paula’s session and gain even more valuable knowledge >>>

About the RSA conference 

The RSA Conference connects businesses with the cybersecurity industry’s most forward-thinking leaders. 

During the conference, participants get the best tips on how to protect their companies and how to stay ahead of cybersecurity threats. 

This year’s theme of the event is “Better”. What’s hidden behind this theme? Searching for better solutions, making better connections with peers and making the world a better place, by keeping it secure. 

About Paula’s keynote speech 

From Paula’s session you can learn 7 Security Issues that should not happen in 2019.  
 
In combination with the statistics they seem to be quite common, so you should check out if they don’t appear in your company! 

Additionally, you will get ready solutions for each of the issues, so be sure you read the presentation carefully. 

Paula’s presentation slides can be found HERE

Download the tools HERE (Password: CQUREAcademy#123!)

If you have any questions please drop us a message via our contact form.


In this article we are going to look into the process of authentication with ADFS. We will use “Fiddler”, a free web debugging proxy tool, to analyze the network conversation between the website to which the user is authenticating and the user’s web browser. This is a very useful tool for troubleshooting ADFS authentication problems. We will also learn what an attacker using a man-in-the-middle (MITM) attack can see and do, and how to prevent a token replay attack.

Basics


But first let’s start with the basics. What is ADFS and why use it? Active Directory Federation Services is a standards-based service that allows the secure sharing of identity information between trusted (federated) partners. When a user wants to access resources from one of the federated partners (RP – resource provider) they are redirected to their own organization for authentication (IdP – Identity Provider) and only claims (signed statements about the user) are returned to the resource provider. The main benefits of using ADFS: you never reveal your credentials to third parties, users can experience single sign-on, user account management is simplified (centralized), federated partner management is centralized, and many more.

Sniffing network conversation


To analyze network traffic during the federated authentication process we will use Fiddler which can be downloaded from Telerik’s web site http://www.telerik.com/fiddler. Additionally, we will use Fiddler Inspector for Federation Messages to simplify the analysis of SAML 2.0 and WS-Federation format messages. To add this to your Fiddler installation just simply download the archive from http://identitymodel.codeplex.com/releases/view/52187 and copy content from \bin\Debug folder into \Inspectors folder in Fiddler installation path.

After installation, start Fiddler and go to Tools -> Telerik Fiddler Options -> HTTP (tab) and check the Capture and Decrypt HTTPS checkboxes. You will be prompted to install a newly generated “Trusted Root Certificate”, and from now on Fiddler will act as a man-in-the-middle between your web browser and any other server. Screens below present configuration steps.

Without closing Fiddler, we’ll start a web browser and go to the website that is the federated Resource Provider in our test environment, which is https://sdc01.cqure.lab/ (#2 in the figure below). The resource requires authentication, and the user is redirected from sdc01.cqure.lab to the Identity Provider configured in the web.config file (https://adfs.cqure.lab) #3. After successful authentication, the user’s web browser receives response #5 with an HTML web form that contains a token signed by ADFS with all claims issued for the RP that was requesting authentication. The web form is automatically posted and sent to sdc01.cqure.lab #6, where the token is verified and authorization is processed by the RP based on the claims issued by the IdP.

So let’s see what the token looks like. We need to select #5 on the list of HTTP/S requests and, on the right side of Fiddler, choose Inspectors and then Federation from the lower tabs list.

Listing below presents part of the token sent in XML format containing  RequestSecurityTokenResponse. Besides information about where and when this token was created, we can find all claims issued during the authentication process.

What is sent to the RP is controlled by IdP administrators and is determined during the configuration of federation with other parties. Sometimes the RP might require claims containing sensitive information which we do not want to share with anyone else besides the RP. In this example, you can see a private phone number. Of course, all messages are sent through an SSL tunnel, but in case of a MITM attack between the RP and the client web browser, a hacker could receive private information.

Encrypting claims


To be sure that no one except the RP can read claims sent with the authentication token, we need to encrypt their content. First, we need to have a certificate installed on the IIS server hosting the website. The content of the token will be encrypted with the public key of that certificate, so we need to publish it in the RP’s metadata or copy it to our ADFS server and choose it in the AD FS management console.


Go to AD FS console -> Trust relationships -> Relying Party Trusts -> Your RP Name (properties) -> Encryption (tab) and browse for the public key of the certificate (figure above).
The second step is to add information about the certificate to the web.config file. Add serviceCertificate inside the <microsoft.identityModel> <service> section.

Remember that the Windows user account which the application pool is using must have access to the private key of the certificate to decrypt claims; otherwise we will receive an error. We can grant this privilege using the MMC console for the computer’s certificates. Locate the certificate, then choose All Tasks -> Manage Private Key and grant read permission to the IIS AppPool\<NameOfAppPool> user.

Now when we sniff the token, we see only encrypted data unless we have access to the private key.
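To confirm the change from a capture, the following added example (not part of the original article or of any CQURE tool) checks whether a saved sign-in response still carries readable claims or only encrypted data. The function names, the list of "sensitive" claim suffixes and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML assertions and XML Encryption.
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion"
XENC = "http://www.w3.org/2001/04/xmlenc#"


def inspect_wresult(xml_text):
    """Report whether a captured token is encrypted and which claims are readable."""
    # ElementTree is acceptable for a capture you made yourself; use a hardened
    # parser (for example defusedxml) for XML that comes from untrusted sources.
    root = ET.fromstring(xml_text)
    encrypted = any(True for _ in root.iter(f"{{{XENC}}}EncryptedData"))
    claims = {}
    # SAML 1.1: the claim type is AttributeNamespace + "/" + AttributeName.
    for attr in root.iter(f"{{{SAML11}}}Attribute"):
        ctype = (attr.get("AttributeNamespace", "").rstrip("/")
                 + "/" + attr.get("AttributeName", ""))
        claims[ctype] = [v.text or "" for v in attr.findall(f"{{{SAML11}}}AttributeValue")]
    # SAML 2.0: the claim type is the Name attribute.
    for attr in root.iter(f"{{{SAML20}}}Attribute"):
        claims[attr.get("Name", "")] = [
            v.text or "" for v in attr.findall(f"{{{SAML20}}}AttributeValue")]
    return {"encrypted": encrypted, "cleartext_claims": claims}


def audit(xml_text, sensitive_suffixes=("mobilephone", "homephone")):
    """Return the sensitive claim types that anyone holding the capture can read."""
    report = inspect_wresult(xml_text)
    return sorted(c for c in report["cleartext_claims"]
                  if c.lower().endswith(sensitive_suffixes))


# Constructed sample: token as issued before encryption was configured.
CLEARTEXT_SAMPLE = """<t:RequestSecurityTokenResponse
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        MajorVersion="1" MinorVersion="1" AssertionID="_constructed-id">
      <saml:AttributeStatement>
        <saml:Attribute AttributeName="name"
            AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
          <saml:AttributeValue>Example User</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="mobilephone"
            AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
          <saml:AttributeValue>+00 000 000 000</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

# Constructed sample: the same response once the RP encryption certificate is set.
ENCRYPTED_SAMPLE = """<t:RequestSecurityTokenResponse
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:CipherData>
        <xenc:CipherValue>CONSTRUCTED-PLACEHOLDER</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

if __name__ == "__main__":
    for label, sample in (("before", CLEARTEXT_SAMPLE), ("after", ENCRYPTED_SAMPLE)):
        print(label, inspect_wresult(sample)["encrypted"], audit(sample))
```

A non-empty result from `audit` on a fresh capture means the encryption certificate is not being applied for that relying party.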

Preventing token replay attack


As mentioned before, the token created by ADFS is sent to the client’s web browser in an HTML Web Form which is then posted to the RP website. By default, this token can be used to authenticate at the RP again if it is captured in a MITM attack. Let’s test this. Again we go to line #5 in Fiddler, but this time we choose TextView on the lower tabs list and click View in Notepad in the bottom right corner. This will open a new Notepad instance with HTML code. We save this file as replayToken.html.

We need to remember to sign out from the website and restart web browser so we are sure that we are no longer authenticated. Next, we try to access the website again and it should redirect us to ADFS login page but this time instead of providing our credentials we simply open previously saved replayToken.html. Depending on settings of our web browser we will see HTML Web Form and button to send it or we will be automatically redirected to the website.

This attack will work until the token expiration time. To prevent this kind of attack we need to enable Token Replay Detection in our application.
To do this, open the web.config file and add a tokenReplayDetection entry inside the <microsoft.identityModel> <service> section.
We can specify how long and how big the history of used tokens should be.

After saving changes we can test the replay token attack again. Remember that the first time after the change token will still work but the second attempt will generate an error SecurityTokenReplayDetectedException that should be handled by the application code.
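Why the length and size of that history matter is shown by the following added sketch of a replay cache (an illustration, not the framework's implementation and not code from the original article). The class, function names, token bytes and timings are all constructed; keying the cache on a SHA-256 digest of the token is an assumption made for the example.

```python
import hashlib
from collections import OrderedDict


class TokenReplayDetected(Exception):
    """Raised when a token that was already accepted is presented again."""


class TokenReplayCache:
    """Bounded history of accepted tokens (hypothetical model of the setting)."""

    def __init__(self, capacity, expiration_period):
        self.capacity = capacity                    # how big the history is
        self.expiration_period = expiration_period  # how long entries are kept (s)
        self._seen = OrderedDict()                  # digest -> time entry is dropped

    def accept(self, token_bytes, now):
        # Drop entries whose retention period has passed.
        for digest in [d for d, until in self._seen.items() if until <= now]:
            del self._seen[digest]
        digest = hashlib.sha256(token_bytes).hexdigest()
        if digest in self._seen:
            raise TokenReplayDetected(digest[:16])
        # History full: the oldest entry is forgotten to make room.
        if len(self._seen) >= self.capacity:
            self._seen.popitem(last=False)
        self._seen[digest] = now + self.expiration_period
        return digest


def present(cache, token_bytes, not_on_or_after, now):
    """Model the RP receiving a posted token at time `now` (seconds)."""
    if now >= not_on_or_after:
        return "expired"
    try:
        cache.accept(token_bytes, now)
    except TokenReplayDetected:
        return "replay"  # the application must handle this error
    return "accepted"


# Constructed tokens and lifetime (one hour).
TOKEN_A = b"<constructed-token id='A'/>"
TOKEN_B = b"<constructed-token id='B'/>"
LIFETIME = 3600


def replay_after_sign_in():
    # History covers the whole token lifetime: first post works, replay fails.
    cache = TokenReplayCache(capacity=1000, expiration_period=LIFETIME)
    return [present(cache, TOKEN_A, LIFETIME, 0),
            present(cache, TOKEN_A, LIFETIME, 60),
            present(cache, TOKEN_A, LIFETIME, 3700)]


def history_too_short():
    # Entries kept for 5 minutes while the token lives for an hour.
    cache = TokenReplayCache(capacity=1000, expiration_period=300)
    return [present(cache, TOKEN_A, LIFETIME, 0),
            present(cache, TOKEN_A, LIFETIME, 400)]


def history_too_small():
    # One-entry history: a second user's sign-in evicts the first token.
    cache = TokenReplayCache(capacity=1, expiration_period=LIFETIME)
    return [present(cache, TOKEN_A, LIFETIME, 0),
            present(cache, TOKEN_B, LIFETIME, 10),
            present(cache, TOKEN_A, LIFETIME, 20)]


if __name__ == "__main__":
    print(replay_after_sign_in())
    print(history_too_short())
    print(history_too_small())
```

In this model the history has to be retained for at least the token lifetime and hold at least as many entries as tokens accepted within that lifetime; otherwise a saved token is accepted a second time.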

I hope that this short article will help you to understand the basics of the ADFS authentication process and that you’ve learned how to use Fiddler to sniff tokens. This skill is very important for troubleshooting. You also now know how to protect your claims from unauthorized access and how to protect your web application from a token replay attack.


Contact us at info@cqure.us if you want to learn more about ADFS or setting your own test environment for this article.


Stay CQURE!

Michael Jankowski-Lorek (CQURE Academy)


On May 23rd, at the 24th NT Conference in Portorož, Slovenia, you could meet Mike Jankowski-Lorek, our Cloud Security and Database Expert. During his speech, Mike presented the traps of technology in credential security and showed tips on how to avoid them.

>>> Scroll down to view slides from Mike’s session and gain even more valuable knowledge >>>

Kinds of risk and solutions

Thanks to Mike’s very technical session, all attendees are now able to find out where their credentials are stored and how easy it is to reveal them. Moreover, he answered the nagging question of whether cached credentials bring any danger or not.

As a Cloud Security and Database CQURE Expert Mike also couldn’t omit the role of cloud computing in data security and how it affects our safety.

Presentation of DPAPI
What is a key takeaway after the session? You will be able to discover all the unexpected places, where your passwords are hidden!

How is this possible? It is all thanks to the discovery made by Mike and the CQURE team: how to decrypt DPAPI-protected data by leveraging the private key stored as an LSA Secret on a domain controller. This reverse-engineered mechanism allows you to see how password attacks are performed and how you can avoid them. That was a valuable experience!

About the NT Conference
The NT Conference is the biggest Slovenian technological event, being one of the most successful and important IT and business conferences in the country.
This year the conference was held for the 24th time and, as usual, it was full of valuable lessons. 3 days of more than 10 in-depth trainings, held by over 100 speakers! During this year’s edition over 2200 participants had the chance to talk, network and connect, all within the topic of technology. Those numbers speak for themselves!

If you have any questions please drop us a message via our contact form.

If you didn’t have the chance to visit the NT Conference in Slovenia, but still would like to see Mike’s presentation, we have a solution for you! You will find the source HERE.

See you soon!


On May 15th Paula delivered a keynote and led a breakout session at it-sa India in Mumbai.

>>> Scroll down to view slides and tools from Paula’s session and gain even more valuable knowledge >>>

The proper protection of the infrastructure is a key challenge of all organizations these days. Agree or not – every system has weaknesses so we do face the demanding security issues every day and everywhere. But, surprisingly, hackers often use the same paths to enter the system! Wouldn’t it be better to find the gap before an untrusted source or hacker does? CQURE encourages the customers to apply some basic behaviors to protect their businesses from the attack to assure the business continuity. Below you can find the link to Paula’s presentation that will help you to understand hacker’s way of thinking and will definitely get you closer to the more effective protection of your business assets.

The breakout session led by Paula described the “Fatal Signs: 10 Symptoms When You Think You’ve Been Hacked”.
During this session Paula presented the symptoms that could indicate that a system has been hacked, and the tools and techniques to spot this kind of activity. Attendees learned how to prevent hackers from exploiting the discussed OS areas.

About it-sa India

it-sa India emerged as the meeting place of IT Security experts and stakeholders from South – Asia region.

The expo showcases information security products and services from leading principals, manufacturers, vendors, suppliers and key solution partners, covering an extensive range of products and services showcasing all areas of IT security including physical IT security and areas of research and security consulting. The accompanying congress program includes expert talks and panel discussions featuring some of the best names from the Industry.

The exhibition draws expertise from the parent event it-sa, which takes place every year in Nuremberg, Germany and is one of the leading events worldwide. Paula Januszkiewicz was poised to hold a special keynote at it-sa 2018! ‘Cyber Security Europe’ journal caught up with her shortly after the keynote speech. See the interview here: https://cqureacademy.com/blog/cse-interview-paula-januszkiewicz

If you have any questions please drop us a message via our contact form.

Paula’s presentation slides can be found HERE

Download the tools HERE. (Password: CQUREAcademy#123!)

The post [it-sa India 2019] Keynote: “Think and Act Like a Hacker to Protect Your Company’s Assets” and breakout session appeared first on CQURE Academy.


The trio describes their experience of the conference so far before diving into the red-hot topic of security. Next, they consider the challenges which everyone in tech is up against right now, before ending the discussion on diversity (or the lack of it) in the IT industry.

For all the juicy details watch the video interview, audio podcast or scroll down for the readable Q&A.

GeekSchau(EN) - All about Security with Paula Januszkiewicz at MSIgnite 2018 - YouTube

#33 - GeekSprech(EN) - All about Security with Paula Januszkiewicz at MSIgnite - SoundCloud

Eric Berg: What has your conference been like so far?

Paula Januszkiewicz: It’s super crazy because I also have the community reporter role at Microsoft Ignite. That makes me really have to jump to many different locations for different interviews, with different people and so on. I also had my session yesterday.

Alex Benoit: Was the room packed?

Paula J.: Absolutely, it was full. And I’ve heard not everybody managed to actually get into the room, which I’m really sorry about but luckily, they were playing it in the beamer over here. So that’s not too bad.

Alex B.: So how is Ignite for you?

Paula J.: Ignite is very good. It’s always an opportunity for me to meet up with other geeks. And really, this is the thing that I care about the most as I really like to be with people and talk to people, and wave to people, and have these conversations and interviews. So, it’s really something that gives me energy.

Eric Berg: Have you seen anything at Microsoft Ignite that was mind-blowing?

Paula J.: The Passwordless Resync. It’s bringing a little bit of a comfort for everybody.

Alex B.: How do you see the role of the CISO guys in the companies? It’s pretty challenging to stay ahead on every discussion with everything that’s going on even for us guys.

Paula J.: Yes, CISO is a very challenging role. I’m dealing with CISOs pretty much all the time because that’s my job. I’m the CEO of the company at the same time doing pen-tests, consulting customers etc. So, we have this conversation about what is the biggest problem nowadays in cybersecurity and I think that the biggest problem that we have right now is the lack of a skill set. And I like to quote this one thing and sometimes I feel like I’m repeating myself, but Financial Times actually made a very good point, because they said by 2019 we are going to be in need of six million cybersecurity professionals.

Alex B.: Oh, wow.

Paula J.: With the current development we have we’re going to be one and a half million short which means many things. Maybe security services’ prices will go up because the skill set matters. It really matters how much you know in cybersecurity. The companies will suffer because they will need to pay more for it. But on the other hand, if you want to hire someone good, you need to grow this person from the beginning. And I really think that this is an approach that companies should take.

Alex B.: And it’s very tough to hire people overall. The security consultant or security market overall is empty and there are no people to hire.

Paula J.: It’s not that bad, it’s just very difficult and I was also struggling with that problem. We are all struggling with that problem all the time. But who is actually a cybersecurity consultant if we try to define that person? It’s a person that could be growing under the wings of some kind of an enterprise or it could be an independent consultant which is a pretty hard job because you need to do your own sales.

Alex B.: And that costs a lot of time, right?

Paula J.: That’s my point. So sometimes, when we are searching for security consultants, we pick that area, because these people usually are a little bit tired of dealing with the sales part.

Eric Berg: That’s so true.

Paula J.: And that’s why we say, “Hey, you don’t need to do the sales part anymore. Come over and you’re going to do your geeky stuff.” And this is how you acquire a good talent. In security, you need to be up to date pretty much every day. It’s a mindset. To me, someone could finish in whatever subject but if there is a good approach and a good mindset that is a person to grow in cyber.

Eric Berg: Everybody here at Ignite sees a man, man, man, and sometimes, man. I think it’s the only conference where men have to wait to go to the restroom and the women always laugh at us for this.

Paula J.: Oh yeah.

Eric Berg: What about the role of women in technology and especially maybe women in security? What do you see there? Is this probably an opportunity to get some new people into this?

Paula Januszkiewicz: Yes! But just to give you an example, at one of the biggest banks actually the person who manages their major, mainframe over there is a woman. I’m actually proud of that particular single event. Gender to me is not very important as what matters really is how much you know. But a couple of years ago, it maybe was a little different.

I actually established the Women in Technology 12 years ago in my country in Poland. I’m not doing it anymore because I don’t have time, but at that time, that was actually needed. We are part of the minority group, and to step into the majority, you’re maybe a little bit shy.

My message at the time – and I haven’t changed the message – is that what really matters how much you know. It’s really inspiring if you know something. The first thing I want to do when I learn something is to share it. Of course, there might be no one who wants to listen, but I’m still like ‘who wants to listen?’, yes.

Eric Berg: What you’re doing is good, so probably everybody wants to listen to you.

Paula J.: Cybersecurity is an interesting subject too, so it kind of defends itself. I’m really happy to see more women around us now than in the past.

The young generation got that message when I was doing this 12 years ago. They were women around their 20’s, so now they are in their 30’s and in their professional careers. If the Women in Technology helped to bring about a change, I’m very proud to see that, and I’m not the only one that was doing this. If what we see right now is the result of what was happening in the past, awesome.

Eric Berg: What’s a good point to start in security? How do you get into this topic to grow your knowledge?

Paula J.: I really think that for someone who has no experience, it’s quite hard to be hired in an organization that will immediately give you some kind of a responsibility on the infrastructure. So, I really think that the good way to start for young people is to start at consulting companies. And the reason why I say this is because consulting companies will never give you a responsibility to do the implementation at the customer side, but they will grow you because this is in their business and they earn money on it.

So basically, if you’re young, you can jump into that kind of environment. Yes. It’s going to be hard. I was sleeping – and I still do – about four hours per day to technically do some stuff, like assist in the PKI implementations in the past. But that was really worth it. And I’m really thankful for whoever grew me.

Alex B.: Yeah, I would be totally scared if I was hired by a company and then responsible for the firewall even if it’s not the first line firewall and they say, “Hey, deal with the firewall” and I have no idea what I’m doing.

Eric Berg: If something happens that’s your fault.

Paula J.: Another issue is that we all tend to go where we feel comfortable, and you start feeling comfortable in the area that you don’t have a full expertise in, which kind of makes you to make even worse mistakes. So, you are learning this, but you don’t really know if it’s a good way or bad way and there are not many people to challenge you. And in the consultancy world, there are actually challenges for you all the time.

Alex B.: And you will do these mistakes, right? There’s no way around it because you don’t know everything.

Paula J.: Of course.

Alex B.: And there are always people that are smarter than you in one another area.

Paula J.: Always. And even when a company is hacked then there are forensic teams that come to the place. It’s a question of who was smarter, the hacker or you. And there was always someone being smarter and of course, that’s kind of like minimizes somewhere in the bottom. And there are small mistakes that we can make. But still, there’s always someone that looks at security from a different angle and I really appreciate that. Also, at Microsoft Ignite there are all these different security sessions and different conversations.

Everybody has their own experience and security is a relatively new subject. Sharing is caring; I know this about that environment and this is how we exploit it. And someone says, “Oh, there was this tool that one of the geeks wrote. Do you want to have it?” And then we exchange tools and knowledge which is really what I love about Ignite.

Alex B.: Eric and myself, were at the trust and tech close security roundtable on Tuesday and there were so many people from all the different areas and they always see CQURE. There were people from the firewall and then we had network guys and some application security people there, and everybody brought in their experience. It’s always about sharing information.

Alex B.: So, joining a consulting business is a good starting point. How do you proceed then?

Paula Januszkiewicz: How do we start? I would suggest for juniors to actually get engaged with some kind of a consulting company so that they will challenge you to the point that you need to act faster. It’s kind of cruel but that’s how you challenge yourself. Not everybody is happy with doing this, of course. Not everybody needs to be challenged all the time as people don’t feel comfortable.

But security is actually that kind of a business in my opinion. So, you are basically in a consulting company, and then you need to find yourself a good leader, good mentors that will give you good examples. It’s very important because we have like 20 years of experience working in IT environments, but we sometimes lack the basics in security.

Maybe it’s not nice to say, but this is what I see in practice when I do pen-test, sometimes it’s just a boring job. You go to the customers and you’re like, “Oh no this isn’t working” and it’s the same mistake that you see all the time.

If you want to start your adventure in security, you need to read Windows Internals and the 1500 pages need to be read not in one night but maybe many times for a year. This is the book to read. To actually learn security basics.

Eric Berg: Yeah, I’ve spoken to CISO or security people. They did firewall stuff and haven’t had any idea of how some IP 6 works and that’s because they said, “Hey, we only have IP 4 and we haven’t the chance to deal with that yet.”

Paula J.: They could find a good technical advisor. The question is, does the CISO actually need to be that knowledgeable in technologies? Yes, they should be tech-savvy for sure and somewhat knowledgeable in my opinion. And they should also have an awareness that he or she is not really like, 100 percent tech savvy or like super geek out there in these technologies. So, then this person should hire an advisor, maybe internally, maybe externally, who knows someone who knows the technology best.

For example, right now, the trend is information protection. It’s been there for so many years but now people are starting to talk about it, and we’re like, “Okay, that makes sense.” We don’t want our documents to leak. So, what was happening, excuse me for the past 10 years documents were leaking.

Eric Berg: You see this quite often today; everybody thinking oh that’s brand new, but we had it in the past and now everybody’s like, “Oh, that’s a good new idea.”

Paula J.: Totally.

Eric Berg: What are the other challenges you see?

Paula J.: The challenges that I see are that first of all experience needs to be built in general. We can see, for example, systems that are out there for like three months and then they’re like, “Hey, Paula, I just acquired this role, I am a CISO for three months we need a little bit of help.” Sometimes someone might be working in technology their whole life and then they take on a CISO role and I would say that’s maybe a little bit better.

The companies currently have to build a security framework or cybersecurity framework of the set of areas that everybody needs to cover and plan cybersecurity in every single area. Starting for example with (I know it’s another very technical subject) but let’s say HR. Who do you hire as your domain admin? It’s also a security process. And I’m not saying that domain admins are bad. But we’ve heard stories where domain admins were actually violating security.

I participated in a project like that, where we had to do forensics because domain admin was not very nice. And at the end, these people have access to our super-secret information and to our companies’ know-how. So, Information Protection comes into place. And there’s always this question of who controls the domain admin. So, there is a little bit of trust that we need to give to this person and secure ourselves with technology. But that trust should be actually a reasonably given trust by a well-designed HR process of hiring someone that has access to the full details of our company.

This is also a role of the CISO, to design these kinds of things. But of course, things like technology, what kind of algorithm, what kind of cryptography do we use in our company? Is it compliant with XYZ? Is it good for us? Bad for us? Do we have important incident response procedures?

Lots of companies, they don’t have it. For example, there was a forensic project, not long ago that we did and one of the first things we ask is, “Okay, so guys, did you manage to get the memory dump, this dump, etc?” And they were like, “No, because we had to recover because there is business going on. So, there was no time for that.” Okay, we understand, but that really makes it difficult at the end to spell out what actually happened in this company.

Eric Berg: I’m working a lot with the system admins, not the security guys in the company. And for them, it’s like, oh, our anti-virus has shown up that there was a Trojan or whatever and it was deleted. So, everything is fine. I’m done. And every time I’m like, “Are you sure? Are you sure that it was really just this one file that has been deleted?”

Alex B.: Are you interested in where it came from?

Eric Berg: Where it came from and where it ends and what happened before and after. So, it’s a good thing because you said two or three times now it’s processes and I have seen so many companies thinking about tools. I paid so much money for my tools and I bought this tool and I bought that tool and actually if you don’t have a process to deal with the tools it’s a problem. Do you see this too?

Paula J.: Absolutely and this is my favorite, actually. Some of the companies are very aware and that’s fantastic. I love to work this way. But some other companies might be a little bit challenging. There is one example that’s always in my head which was “we have like three anti-spam solutions”. That’s a quote.

I said, “Okay. Why do you need three?” And they said, “because the first one doesn’t discover it, and the second one …” And I said, “Why don’t you just have one, but configured well?” And they said, “Oh no, no, no, no we prefer to have three.” I’m like, “Okay. Great.” So basically, it’s just really a matter of awareness.

Alex B.: What we see a lot is that if a breach happens, nobody has an idea of what to do next. Do you see that too?

Paula J.: Yes, and that’s very sad because it happens. Incident procedure response is something that can be well-designed and well-planned. It’s not really a difficult process; the well-written incident response..


The 2019 Summit was the 12th edition of the InfoSec Summit!

It was a great pleasure to bring you the best of CQURE’s knowledge during Paula Januszkiewicz’s keynote and breakout sessions!

>>> Scroll down to view slides and tools from Paula’s session and gain even more valuable knowledge >>>

A couple of words about the keynote session! Have you ever considered what are the worst security mistakes made by administrators? Becoming familiar with Ten Deadly Sins of Administrators about Windows Security is a great opportunity to get insights how your network could become significantly more secure. Let’s face it: there are more than 10 dangerous mistakes. But if you start to think like a true cracker, all of these sins shown during the session would be behind you. Those were some of the hot cybersecurity topics Paula has triggered during her presentation!

Of course, an adequate approach is crucial, but it is not everything. Hackers’ attacks do happen every day. During the break-out session “CSI: Windows – Techniques for Finding the Cause of the Unexpected System Takeovers”, Paula showed that hackers’ attacks, paradoxically, could help you. By performing several analyses we are able to get enough evidence of performed malicious actions. This type of monitoring can also be useful when performing a regular investigation of what happened in the system, not only from the attacker’s perspective!

If you have any questions please drop us a message via our contact form.

Paula’s presentation slides can be found HERE

Download the tools HERE. (Password: CQUREAcademy#123!)

The post [InfoSec Summit 2019] Paula Januszkiewicz and common cybersecurity mistakes, CQURE insights and techniques appeared first on CQURE Academy.
