Limiting Windows Local Administrator Rights

James Tarala | 20 Critical Controls, Admin Rights

One of the common issues we run into during security assessments and incident response cases is the issue of users being assigned too many permissions on their local computer. For the sake of convenience and expediency, end users often demand that they be assigned local administrator rights. These users, often in an agitated and exaggerated manner, explain to their bosses …

DARPA & MIT Partnership – Example of “Leap-Ahead” Technology?

James Tarala | 20 Critical Controls

Yesterday, DARPA and MIT announced the results of a project that has been in development which would allow an organization’s network to function even while under an active attack from a distributed denial of service or similar attack. Overly simplified, it’s a network-based whitelisting solution with the ability to baseline normal traffic patterns and automatically block traffic if it …

Aurora Malware Hashes and Domains

James Tarala | 20 Critical Controls, Advanced Persistent Threat

McAfee has recently released specific details about their analysis of the Aurora malware that was used to compromise 30+ companies over the past few months. This malware is consistent with the types of files that Enclave and other organizations who have responded to APT-based attacks have discovered. It appears to utilize many of the same mechanisms and even file …

Automating Audit Tests with Eventtriggers.exe (20 Critical Control Scripting Tip)

James Tarala | 20 Critical Controls, Audit

One of the issues that we have been dealing with extensively lately is the issue of auditing and automation. This has most often been raised when we’ve been discussing how to automate control assessments in conjunction with implementing the 20 Critical Controls. One of the core principles of the 20 Critical Controls is that organizations need to have …