Security, et al

Randy's Blog on Infosec and Other Stuff


02-13-2019   How to Detect Pass-the-Hash Attacks Blog Series


09-12-2018   Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

08-09-2018   Detecting Pass-the-Hash with Honeypots

06-25-2018   Catch Malware Hiding in WMI with Sysmon
06-12-2018   For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

03-16-2018   Experimenting with Windows Security: Controls for Enforcing Policies


12-18-2017   Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network
12-18-2017   Yet Another Ransomware That Can be Immediately Detected with Process Tracking on Workstations

11-07-2017   Cracking AD Passwords with NTDSXtract, and John the Ripper
11-07-2017   Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

10-27-2017   Extracting Password Hashes from the Ntds.dit File
10-18-2017   Complete Domain Compromise with Golden Tickets
10-03-2017   Persistence Using AdminSDHolder And SDProp

09-20-2017   How Attackers Are Stealing Your Credentials With Mimikatz
09-07-2017   Extracting Service Account Passwords with Kerberoasting

07-26-2017   Today's webinar includes first-hand account of a company brought to its knees by NotPetya

06-21-2017   Two new "How-To" Videos on Event Monitoring
06-14-2017   Download Supercharger Free Edition for Easy Management of Windows Event Collection
06-02-2017   How to Monitor Active Directory Changes for Free: Using Splunk Free, Supercharger Free and My New Splunk App for LOGbinder

05-29-2017   Ransomware Is Only Getting Started
05-19-2017   Just released: Randy Franklin Smith whitepaper

03-07-2017   Work Smarter – Not Harder: Internal Honeynets Allow You to Detect Bad Guys Instead of Just Chasing False Positives

01-02-2017   Tracking removable storage with the Windows Security Log


12-27-2016   Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
12-20-2016   Tracking Physical Presence with the Windows Security Log
12-02-2016   How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online

11-11-2016   How to control and detect users logging onto unauthorized computers

10-12-2016   Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure

09-19-2016   5 Indicators of Endpoint Evil
09-05-2016   Detecting Ransomware: The Same as Detecting Any Kind of Malware?

08-30-2016   Cloud Security Starts at Home
08-18-2016   The Leftovers: A Data Recovery Study

06-06-2016   Keeping An Eye on Your Unix & Linux Privileged Accounts

05-23-2016   Secure, Fast and Efficient Password Management

04-25-2016   Get rid of QuickTime as Quickly and Efficiently – For FREE!
04-11-2016   Certificates and Digitally Signed Applications: A Double Edged Sword


12-21-2015   Catching Hackers Living off the Land Requires More than Just Logs
12-16-2015   How to Detect Low Level Permission Changes in Active Directory

10-15-2015   Anatomy of a Hack Disrupted: How one of SIEM’s out-of-the-box rules caught an intrusion and beyond

09-29-2015   Strengthen your defenses where the battle is actually being fought – the endpoint
09-21-2015   Making SIEM better by focusing on the top 3 blind spots

08-04-2015   Are You Listening to Your Endpoints?

07-28-2015   Help me! Community Survey 2015

06-03-2015   Enriching Event Log Monitoring by Correlating Non Event Security Information

05-06-2015   Don’t Create a Different sudoers File for Each System
05-06-2015   Mirazon – Great Folks for Unraveling Microsoft Licensing

04-23-2015   Live with SecureAuth at RSA 2015
04-23-2015   Live at RSA: Visualize Your Network and Access Paths Correlated with Relevant Vulnerabilities
04-23-2015   Finally, a new and different way to mitigate the risk of compromised user endpoints
04-23-2015   Live with Dell at RSA 2015
04-23-2015   Live at RSA: Stopping Key Logging and Screen Scraping
04-23-2015   Live at RSA: FIDO authentication protocols and checking in real-time for user presence
04-23-2015   Live with Duo Security at RSA 2015
04-22-2015   Best Practices Primer for Managed File Transfer
04-21-2015   Live with LogRhythm at RSA

03-31-2015   At the End of Day You Can’t Control What Privileged Users Do: It's about Detective/Deterrent Controls and Accountability
03-19-2015   How Randy and Company Do IT: Server and Application Monitoring
03-17-2015   Monitoring What Your Privileged Users are doing on Linux and UNIX

02-23-2015   4 Fundamentals of Good Security Log Monitoring
02-23-2015   NEW Free & Easy to Use Tool, Event Log Forwarder for Windows
02-09-2015   Mobile and Remote Endpoints – Don’t Leave Them Out of Your Monitoring
02-02-2015   How to sudo it right for security, manageability, compliance and accountability

01-29-2015   Randy's Review of a Fast, Easy and Affordable SIEM and Log Management


12-17-2014   Beyond Root: Securing Privileged Access in Linux

10-15-2014   Vulnerability Scanning Done Right
10-08-2014   Seven Steps to Designating Owners of Unstructured Data
10-07-2014   Comparison: SQL Server Audit vs. SQL Trace Audit for security analysts

07-07-2014   SolarWinds Makes It Easy to Detect SharePoint Breaches with Integration to LOGbinder SP

05-05-2014   Monitoring File Permission Changes with the Windows Security Log

03-13-2014   Cool Stuff at RSA
03-03-2014   Elephants and Irony at #RSAC

02-26-2014   In search of great technology at #RSAC among all the noise #filtering

01-02-2014   Auditing File Shares with the Windows Security Log


11-19-2013   Pay Attention to System Security Access Events

10-15-2013   Using Dynamic Audit Policy to Detect Unauthorized File Access
10-14-2013   New Technical Brief by Randy Franklin Smith
10-02-2013   Audit Myth Busters: SharePoint, SQL Server, Exchange

09-17-2013   Following a User’s Logon Tracks throughout the Windows Domain

08-22-2013   Come to my session at HP Protect: Setting Traps for Malicious Outsiders and APTs on Your Network

07-26-2013   Take advantage of an upcoming MS MVP conference

06-30-2013   New White Paper: Top 5 Truths about Big Data Hype and Security Intelligence
06-18-2013   Anatomy of Reflective Memory Attacks
06-12-2013   Whitepaper: APT Confidential: 14 Lessons Learned from Real Attacks

05-13-2013   How to Use Process Tracking Events in the Windows Security Log
05-13-2013   9 Mistakes APT Victims Make

02-18-2013   My new LOGbinder EX for Exchange Released: Bridge the Gap between Exchange and Your SIEM

01-25-2013   Security Log Secrets On-Demand Interactive… Is Now Here!


12-25-2012   Security Log Step-by-Step: Avoiding Audit Policy Configuration Pitfalls
12-15-2012   The Growing Threat of Friendly Fire from Vendors

11-24-2012   New Whitepaper by Randy Franklin Smith "Comparing SharePoint's 4 Audit Logs for Security and SIEM Integration"
11-16-2012   Whitepaper: Comparing Exchange Server's™ 3 Audit Logs for Security and SIEM Integration
11-06-2012   New Whitepaper: SharePoint Audit Logging with HP ArcSight and LOGbinder SP

10-21-2012   Output-ADUsersAsCSV Script to go with 10 Steps to Cleaning Up Active Directory User Accounts
10-15-2012   New Whitepaper: "Exchange Audit Logging with HP ArcSight and LOGbinder"
10-08-2012   Protecting Unstructured Data on File Servers, NetApp, EMC and SharePoint
10-02-2012   Many Questions and Few Answers Regarding Latest Adobe Hack

09-26-2012   Podcast: Inside an Anti-Malware Engine and the Lab Behind It
09-21-2012   New SIEM Synergy Partners over at

08-27-2012   Everything Matters
08-17-2012   SecuritySCAPE 2012 - Be there!
08-06-2012   Are you going to HP Protect 2012? Stay for my Audit Quadrathlon

07-16-2012   Crazy Ideas for Combatting Zombies and APTs

06-29-2012   SolarWinds Log & Event Manager Includes My Favorite Feature in a SIEM…
06-13-2012 2.0: New Coverage for SQL Server and SharePoint audit logging
06-07-2012   New Security Log and Audit Functionality in Windows Server 2012
06-07-2012   Epic Fail on Intuitive User Interface

05-01-2012   LOGbinder SQL Released!
05-01-2012   Chances are Someone is Trying to Steal Your Organization’s Information

04-18-2012   Recommended Alerts and Reports for SharePoint (LOGbinder SP) Updated

03-19-2012   Always Enable Auditing - Even for Logs and Systems You Don’t Actively Review
03-12-2012   The Year I Started Being Afraid

02-16-2012   Why Workstation Security Logs Are So Important

01-17-2012   Understanding the Difference between “Account Logon” and “Logon/Logoff” Events in the Windows Security Log
01-05-2012   Non Security: CRM Dynamics Add-Ons I Can't Live Without


12-21-2011   BitLocker Notes on Backing Up Recovery Keys to Active Directory (AD)
12-19-2011   Virtualization Security: What Are the Real World Risks?

11-23-2011   Automating Review and Response to Security Events
11-15-2011   Need help configuring SQL Server 2008 Audit Policy?
11-03-2011   Bridging the Gaps in Native Windows Auditing
11-01-2011   LOGbinder SQL Beta is released! Join beta testers now

10-19-2011   Security Logging as a Detective/Deterrent Control Against Rogue Admins

09-22-2011   Come On Feel the Noise

08-21-2011   The Art of Detecting Malicious Activity with Logs
08-02-2011   Back Door Bypasses AppLocker and Software Restriction Policies

07-08-2011   Eliminate Windows Firewall Chatter (Noise) from the Security Log

06-24-2011   Say What? Deleting old logs isn’t the responsibility of the SIEM?!??
06-22-2011   How to Audit an Individual Library or List in SharePoint
06-08-2011   Don't Miss the Real Point about the RSA SecurID Debacle
06-07-2011   Intelligent Whitelisting - A Fundamentally Different Approach to Combating End-point Malware

01-11-2011   Be the first to take Audit and Assessment of Active Directory – On Demand Interactive and take it at no charge


11-04-2010   Keeping up with the changing landscape of patch management

10-01-2010   Does Microsoft care about the Security log?

07-08-2010   New Rosetta Audit Logging Kits

06-18-2010   My New Windows Security PowerPack Solves 3 Security Headaches and It's Free

05-13-2010   I love Tilana Reserve Continuous Data Protection
05-13-2010   I like Camtasia but...

02-09-2010   Making the SharePoint Audit Log Usable

01-12-2010   Understanding Audit Logging in SQL Server 2008 - 2/18/10 12PM US Eastern Time


12-28-2009   Venue Announced for Security Log Secrets - Los Angeles - January 25-27
12-03-2009   My next webinar is a comprehensive look at reducing the problems and risks associated with passwords using the latest technologies

11-03-2009   New way to delegate view access to the security log in Windows Server 2008

10-06-2009   Where did "Replace auditing entries on all child objects" check box go in Active Directory Users and Computers?

09-24-2009   New Software that Unlocks the SharePoint Audit Log
09-21-2009   Register Now: Security Log Secrets Training Seminar - Los Angeles - 1/25-27/2010
09-15-2009   LogRhythm 5.0 Opens New Frontier in Log Management with Active Directory Integration
09-11-2009   New Audit Features in Windows 7 and Windows Server 2008 R2

08-28-2009   Recommendation Withdrawn: Applicure's dotDefender

07-27-2009   10 Reasons You Absolutely Need an Active Directory Reporting Solution to Pass Audits, Improve Security and Reduce Costs

06-12-2009   Enhanced help for managing access control in Windows environments

04-28-2009   Free Log Consolidation and Search Tool That Really Works!


04-27-2006   Windows and Security in the same sentence?

05-05-2006   Patch management is mostly a workstation issue right now
05-13-2006   Why I don’t like Authenticated Users
05-19-2006   SANS Log Management 2006 Summit
05-19-2006   Zero information on zero day vulnerability in Word
05-20-2006   Update on zero day Word vulnerability
05-23-2006   Microsoft publishes advisory on zero-day Word vulnerability
05-23-2006   NIST Publishes Recommendations on Computer Security Log Management
05-30-2006   Critique of NIST Guide to Computer Security Log Management (800-92)

06-13-2006   Commentary and analysis posted for today's 12 MS security bulletins
06-14-2006   You’ve got 2 weeks to patch Outlook Web Access
06-16-2006   Zero Day Vulnerability in Excel
06-20-2006   Better workaround information needed for Excel zero-day exploit

07-11-2006   Patches finally released for nasty zero-day exploits and more
07-15-2006   Take Aways from SANS Log Management Summit

11-01-2006   Custom Administrative Template for Setting the Kill Bit on ActiveX Controls


01-15-2007   New doc from MS for storing BitLocker recovery information in Active Directory

03-14-2007   New tool for BitLocker help desk calls

05-17-2007   Recommended Audit Policy


01-17-2008   WinSecWiki is Live!

06-04-2008   New Features in LogRhythm 4.0 Deserve a Place on Your Short List

07-29-2008   Log monitoring and the Terry Childs/City of San Francisco debacle
