Security, et al

Randy's Blog on Infosec and Other Stuff


02-13-2019   How to Detect Pass-the-Hash Attacks Blog Series


09-12-2018   Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

08-09-2018   Detecting Pass-the-Hash with Honeypots

06-25-2018   Catch Malware Hiding in WMI with Sysmon
06-12-2018   For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

03-16-2018   Experimenting with Windows Security: Controls for Enforcing Policies


12-18-2017   Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network
12-18-2017   Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

11-07-2017   Cracking AD Passwords with NTDSXtract, and John the Ripper
11-07-2017   Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

10-27-2017   Extracting Password Hashes from the Ntds.dit File
10-18-2017   Complete Domain Compromise with Golden Tickets
10-03-2017   Persistence Using AdminSDHolder And SDProp

09-20-2017   How Attackers Are Stealing Your Credentials With Mimikatz
09-07-2017   Extracting Service Account Passwords with Kerberoasting

07-26-2017   Today's webinar includes first-hand account of a company brought to its knees by NotPetya

06-21-2017   Two new "How-To" Videos on Event Monitoring
06-14-2017   Download Supercharger Free Edition for Easy Management of Windows Event Collection
06-02-2017   How to Monitor Active Directory Changes for Free: Using Splunk Free, Supercharger Free and My New Splunk App for LOGbinder


04-25-2016   Get rid of QuickTime as Quickly and Efficiently – For FREE!


04-23-2015   Live at RSA: FIDO authentication protocols and checking in real-time for user presence
04-21-2015   Live with LogRhythm at RSA

02-23-2015   NEW Free & Easy to Use Tool, Event Log Forwarder for Windows

01-29-2015   Randy's Review of a Fast, Easy and Affordable SIEM and Log Management


10-08-2014   Seven Steps to Designating Owners of Unstructured Data
10-07-2014   Comparison: SQL Server Audit vs. SQL Trace Audit for security analysts

01-02-2014   Auditing File Shares with the Windows Security Log


11-19-2013   Pay Attention to System Security Access Events

10-15-2013   Using Dynamic Audit Policy to Detect Unauthorized File Access
10-14-2013   New Technical Brief by Randy Franklin Smith

09-17-2013   Following a User’s Logon Tracks throughout the Windows Domain

08-22-2013   Come to my session at HP Protect: Setting Traps for Malicious Outsiders and APTs on Your Network

06-18-2013   Anatomy of Reflective Memory Attacks
06-12-2013   Whitepaper: APT Confidential: 14 Lessons Learned from Real Attacks

05-13-2013   How to Use Process Tracking Events in the Windows Security Log
05-13-2013   9 Mistakes APT Victims Make

01-25-2013   Security Log Secrets On-Demand Interactive… Is Now Here!


12-25-2012   Security Log Step-by-Step: Avoiding Audit Policy Configuration Pitfalls
12-15-2012   The Growing Threat of Friendly Fire from Vendors

11-16-2012   Whitepaper: Comparing Exchange Server's™ 3 Audit Logs for Security and SIEM Integration

10-21-2012   Output-ADUsersAsCSV Script to go with 10 Steps to Cleaning Up Active Directory User Accounts
10-15-2012   New Whitepaper: "Exchange Audit Logging with HP ArcSight and LOGbinder"
10-08-2012   Protecting Unstructured Data on File Servers, NetApp, EMC and SharePoint
10-02-2012   Many Questions and Few Answers Regarding Latest Adobe Hack

09-26-2012   Podcast: Inside an Anti-Malware Engine and the Lab Behind It

08-27-2012   Everything Matters
08-17-2012   SecuritySCAPE 2012 - Be there!
08-06-2012   Are you going to HP Protect 2012? Stay for my Audit Quadrathlon

07-16-2012   Crazy Ideas for Combatting Zombies and APTs

06-29-2012   SolarWinds Log & Event Manager Includes My Favorite Feature in a SIEM…

05-01-2012   Chances are Someone is Trying to Steal Your Organization’s Information

03-19-2012   Always Enable Auditing - Even for Logs and Systems You Don’t Actively Review
03-12-2012   The Year I Started Being Afraid

02-16-2012   Why Workstation Security Logs Are So Important


12-19-2011   Virtualization Security: What Are the Real World Risks?

11-23-2011   Automating Review and Response to Security Events
11-15-2011   Need help configuring SQL Server 2008 Audit Policy?
11-03-2011   Bridging the Gaps in Native Windows Auditing

10-19-2011   Security Logging as a Detective/Deterrent Control Against Rogue Admins

09-22-2011   Come On Feel the Noise

08-21-2011   The Art of Detecting Malicious Activity with Logs
08-02-2011   Back Door Bypasses AppLocker and Software Restriction Policies

06-22-2011   How to Audit an Individual Library or List in SharePoint
06-08-2011   Don't Miss the Real Point about the RSA SecurID Debacle
06-07-2011   Intelligent Whitelisting - A Fundamentally Different Approach to Combating End-point Malware


11-04-2010   Keeping up with the changing landscape of patch management

07-08-2010   New Rosetta Audit Logging Kits

06-18-2010   My New Windows Security PowerPack Solves 3 Security Headaches and It's Free


10-06-2009   Where did "Replace auditing entries on all child objects" check box go in Active Directory Users and Computers?

09-24-2009   New Software that Unlocks the SharePoint Audit Log

08-28-2009   Recommendation Withdrawn: Applicure's dotDefender

07-27-2009   10 Reasons You Absolutely Need an Active Directory Reporting Solution to Pass Audits, Improve Security and Reduce Costs


04-27-2006   Windows and Security in the same sentence?

powered by Bloget™


Recent Blogs


Additional Resources