Threat Intel
Imagine this, you setup a server and it has a really weak administrator password! Now let’s imagine you expose RDP to the internet. How long would it take to get pw3nd?
Well we did this, using a custom configuration to make this safe, we setup a Windows Server, setup an administrator account with the password of ‘password’ and monitored the logs! So let’s see what we found.
Read more “Administrator:password”
Defense
In the wake the of the British Airways breach I thought I would shed some light on a technique to help detect and alert (help respond) to events that may affect critical business processes by modifying critical or sensitive files. We are going to start with a simple scenario using out of the box tools.
Windows Server comes with a number of security features including object access auditing, in this post we are going to take a brief look at enabling monitoring of sensitive data files. The example we are going to use are monitoring for changed to the web.config file used my .net web applications.
To start with in our example machine, we are going to need to enable audit object access either using local policy or preferably group policy (it should be noted you need to think about log volume, collection and retention/rotation). Read more “How to audit sensitive file changes using out of the box Windows Tools”