Real-Training-For-Free Webinars

Every month Randy and fellow experts host Real-Training-For-Free™ webinars on a variety of information security topics. These sessions are fast, informative and practical. PowerPoint slides are provided so you can take notes.

CPE Credit

1 CPE credit is earned per webinar that you attend live. A transcript of the webinars you have attended live is available from the site.

7/17/2024 IT Asset Visibility: Discovering Unknown Devices and Systems on Your Network
6/18/2024 Unpacking the Evolution of Geopolitical Cyberattack Tactics, Step-By-Step
5/21/2024 The Advantages and Limitations of MFA: A Look into Common Bypass Techniques and Security Counter Measures
5/16/2024 Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens
4/25/2024 Assessing the Security of Your Active Directory: User Accounts
4/23/2024 Unpacking a Linux Supply Chain Compromise Using the Recently Published XZ Utils Backdoor as the Example
3/26/2024 An Analysis and Live Demonstration of the Emerging Attack Vector of Malicious Extensions
3/12/2024 Risks of Identity and Credential-Based Cyber Attacks - From Cracking Passwords, Stealing Credentials, & Elevating Privileges to Full Admin
2/13/2024 Identity Attack Surface Key Weakness Analysis Redux: Shifting from On-Prem to Cloud
1/25/2024 Windows Security Log Deep Dive: Understanding Kerberos Authentication Events from Domain Controllers
1/23/2024 Patient Zero: What It Takes to Identify New EXEs Appearing on Your Network
12/14/2023 Building an Incident Response Playbook on the Fly Against Scattered Spider Lateral Movement
11/15/2023 IDAT Loader: A Malware Family First Look Deep Dive with Security Researchers That Helped Discover It
10/26/2023 Analysis of the Key Weaknesses and Exposures in the Identity Attack Surface
9/28/2023 Why SIEM is Difficult
9/26/2023 Uncovering Endpoint Compromise in Ransomware Attacks: Using Velociraptor to Investigate, Monitor, and Remediate Threat Activity
8/2/2023 Advanced Windows Security Logging with Sysinternals Sysmon 15: Tracking and Blocking PE Executable Files
7/25/2023 Stopping Attacks at the Windows Endpoint: The Lockdown Efficacy of Native Endpoint Management
6/22/2023 Beyond Active Directory: Protecting the Other 96% of Your Organization’s Passwords
6/20/2023 IOCs of Trusted Vendor Compromise: Learning from Common Attack Chain Techniques
6/8/2023 BlackLotus and the Untold Story of how UEFI Secure Boot Became a Gateway for Cyber Attacks on Millions of Servers
5/18/2023 Implementing Least Privilege in Linux – Sudo and Beyond
5/10/2023 Ultimate IT Security’s Ransomware Summit
5/4/2023 AD Password Security Deep Dive: NTLM, Kerberos, Hashing and Beyond
3/23/2023 What’s New in Kali Linux and the Latest Password Cracking Tools
3/16/2023 Breaking Down the Evolution of Ransomware Droppers Using Qakbot’s Use of OneNote as the Example
3/14/2023 A Look at Password Spraying Attacks and the Role of Weak Passwords
2/21/2023 Removing Endpoint Admin Rights from Technical Users: Stopping the Attack While Enabling the User
2/2/2023 Breakdown of a Phishing Attack: Dissecting the Uber and MailChimp Data Breaches Before and After the Inbox
1/26/2023 Surveilling Outbound DNS Queries to Disrupt Phishing and Cutting Off Malware from C&C
12/13/2022 Real-Time Analysis of Qakbot: A Detailed Look into the World’s Most Persevering Trojan
12/8/2022 Unpacking Black Basta: A Practical Look at the Newest Ransomware’s Attack Actions and Mitigations
12/1/2022 Beyond Root: How Flaws in UEFI Secure Boot Allow Remote Attackers to Run Malware Beneath the OS and Survive Clean Re-Install and Even Disk Replacement
11/29/2022 Hive Ransomware Walkthrough – from Initial Exploit and Infection to Detection and Investigation
11/17/2022 Exploring The Critical Blind Spots of Privileged Access: Service Accounts and MFA in Active Directory
11/15/2022 Privilege Escalation on Linux – Top Hacker Techniques to Get Root: Including Popular Automation Tools Such as LinEnum & LinPeas
11/8/2022 When the Bad Guy Needs More Than Just Credentials: Deep Dive Analysis of Multi-Factor Authentication Request Generation Attacks
10/19/2022 Ultimate IT Security’s Cyber Insurance Summit
10/13/2022 Top 6 Security Events You Only Detect by Monitoring Workstation Security Logs
10/6/2022 The World Wide Web of Risk: Mitigating the Risk of Vulnerable 3rd Parties and Business Partners
9/22/2022 The Importance of Configuration Management in Your Security Program When “Everything’s Everywhere, All at Once”
9/8/2022 Implementing a Least Privilege Management Framework on Windows and macOS Devices
9/6/2022 Multi-Staged JavaScript Malware Deep Dive: Walking Through Observed Attack Behaviors of Gootloader Delivering IcedID
8/18/2022 Active Directory Password Management: Understanding the Controls, Risks and Gaps
8/11/2022 Anatomy of a Zero Day: How Follina Tricks Word Into Running Arbitrary Code Even with Macros Disabled and Despite Protected View
8/4/2022 Understanding Logon Events in the Windows Server 2022 Security Log
7/28/2022 Firmware Turns Out to Be Soft and Squishy: 5 Reasons Why Firmware Attacks are the New Front in the Cyber War
7/21/2022 Linux Security Logging: Tracking a System User’s Footsteps as They Move Through the System
7/19/2022 Detecting and Stopping Ransomware at its Most Critical Step – Lateral Movement
6/30/2022 Tier Zero: What It Is, Its Importance, Its Boundaries, and Detecting Out-of-Bounds Activity
6/23/2022 Preventing and Detecting Modern PowerShell Attacks – MITRE ATT&CK T1059.001
6/16/2022 The Fine Art of Privilege Escalation Attacks on Windows Using winPEAS and Sherlock
6/2/2022 Using Lessons Learned from Noteworthy Vulnerabilities to Protect Your Organization Against Them
5/12/2022 Rook Ransomware Incident Lifecycle Deep Dive: Making Use of Defense-in-Depth for Early Ransomware Detection and Response
5/5/2022 Exploring the 3 Major Threat Detection Methods: Signature, Behavior, Machine Learning
5/3/2022 Hybrid AD Security: Everything to Know about Passwords in Azure and On-Prem Active Directory
4/7/2022 Identifying Benign Websites Is About to Get Harder: The Demise of the Alexa Top Million
3/31/2022 A Look at the Threat of Open Source Vulnerability Attacks Using Log4j as the Example
3/29/2022 A Real-World Look at Analysis, Detecting, and Preventing Two Types of Manual Lateral Movement in Active Directory Environments
3/22/2022 A Closer Look at Hacking Gamification and Hacking eSports Using Kali & Live Hacks of Linux and Windows
3/17/2022 A look at Cyberwarfare Actions and Detection Using HermeticWiper Malware as the Example
3/10/2022 All It Takes is One Account: Using Insecure Group Policy Objects to Demonstrate Real Attack Paths in AD
3/8/2022 Best Practices for Protecting Modern Applications and APIs Against Emerging Threats
2/24/2022 Understanding Security and Privileged Access in Azure Active Directory
2/22/2022 Banking Trojan Deep Dive: Exposing Obfuscation and Anti-Analysis Measures for Improved Detection Using Gootkit
2/10/2022 Top 5 Challenges with Scaling Out Windows Event Collection
1/27/2022 Detect When Your Domain is Phished: Top 10 Ways Attackers Mangle Your Domain Name
12/16/2021 You Can’t Protect Without Knowing What You Have: A Deep Dive into How to Leverage Complete Asset Visibility as the Foundation for Protecting Against Emerging Threats
12/7/2021 2021 Year in Review: Using Notable Vulnerabilities from this Year to Improve your Future Vulnerability Discovery and Remediation Efforts
11/30/2021 Exposing the Insecurity of Weak Passwords… and How it Helps the Threat Actor
11/11/2021 Solarmarker, Part II: A Security Analyst’s Perspective and Live Analysis on Threat Actions Taken
11/4/2021 It’s Complicated: The Special Risks of Password Spraying to AD and Azure AD and How to Prevent and Detect
11/2/2021 Ransomware-as-a-Service Breakdown: Auditing Conti and REvil TTPs Using the MITRE ATT&CK Framework
10/28/2021 A Deep Dive into Social Engineering-Enabled Insider Threats Using Real-World Examples
10/26/2021 The Role of Encrypted Communications in Attacks as You Approach Zero Trust
10/21/2021 Live Red Team vs. Blue Team Intrusion Simulation Using Wizard Spider
10/7/2021 AnchorDNS: How TrickBot Malware Hides C2 Inside DNS Traffic and How to Turn the Tables
10/5/2021 A Security Analyst’s Deep Dive Analysis of the Solarmarker Malware Dropper
9/28/2021 Best practices for securing Active Directory and Azure AD
9/16/2021 Protecting Linux Workloads in the Cloud: A Look into Ways Threat Actors Leverage Linux… and What to do About It
9/2/2021 Improving Incident Response Communications and Decision Making with a LockBit Attack Simulation as the Example
8/26/2021 Dealing with Ransomware Dwell Time: Investigating Days and Weeks of Threat Actions
8/24/2021 Protecting Your Active Directory from Ransomware using the NIST Cyber Security Framework
8/17/2021 Detecting Lateral Movement in the Cloud Using a Live Hack: From Phishing Gmail to Exfiltrating Customer Data
8/12/2021 Minimizing Your Attack Surface Risk with Mature Vulnerability Management Using Leading Best Practices
8/5/2021 Early Warning is Your Only Hope: Detecting Ransomware Before It’s Too Late Using MITRE ATT&CK
8/3/2021 Examining DFIR Techniques to Optimize Incident Response for the PrintNightmare Attack and Cobalt Strike
7/27/2021 Detecting Cybercrime Activity with Behavioral Analytics using REvil Ransomware Attacks as the Example
7/22/2021 Understanding the Risk of Supply Chain Attacks and Open-Source Libraries… And What to Do About It
7/15/2021 Turning the Tables: Exploiting Attacker Dependence on Malicious DNS Infrastructure
6/24/2021 The Colonial Pipeline and MITRE ATT&CK Tactic TA0040: IMPACT – The adversary is trying to manipulate, interrupt, or destroy your systems and data
6/15/2021 Aligning Security Controls with Leading Cybersecurity Frameworks Using MITRE Account Manipulation / Access Control TTPs as the Example
6/3/2021 Taking an Application-Centric Approach to Attack Surface Management with a Live Demonstration Showing How to Start Assessing and Analyzing Applications for DAST Vulnerabilities
6/1/2021 Learning How to Survive DarkSide Ransomware: From Initial Discovery Through Data Recovery Using the Colonial Pipeline Attack as the Example
5/25/2021 Aligning AD Security Best Practices to the MITRE ATT&CK Framework – Identifying and Protecting Where You’re Most Vulnerable
5/18/2021 Moving Laterally to the Microsoft 365 Cloud using a Simulated Domain Trust Modification Attack
5/13/2021 How 2 Overlooked Critical Technologies Can Provide the Preventive Controls Missing from Today’s Multi-Layered Defense Needs: Privilege Management and App Control
4/29/2021 Using New Events in Sysmon v13 to Detect Sophisticated Attacks
4/27/2021 Threat Hunting with Sigma Rules: Using Logs, Alerts, and Behavior to Detect APTs & TTPs
4/22/2021 Pivoting from Linux to Windows: Using Behavior to Detect Intrusions Involving Edge Devices
4/13/2021 Hacking the Endpoint From Zero to Full Domain Administrator Using a Crylock Ransomware and Exfiltration Attack Walkthrough
4/1/2021 Top 5 Ways Attackers Disguise C&C and Exfiltration Traffic: With a Special Look at Cobalt Strike Beacon
3/30/2021 Uncovering the Threat Potential of the Insider Breaches Using Real-World Email-Based Examples and Techniques
3/25/2021 SQL Server Attack Ride-Along: Detecting and Investigating a Database Attack Using Log and Trace Data
3/23/2021 Responding to a Reported Zero Day Exploit Using the Exchange Server On-Prem Hafnium Attack as the Example
3/16/2021 Demystifying Kubernetes Vulnerabilities Layer by Layer and How it Relates to Your Risk Management Program
3/11/2021 Don’t Be a Soft Target: The Reality of Recurring Cyber Attacks
3/9/2021 Cryptography Deep Dive: Understanding Key Management Risks and Technologies
3/4/2021 Dissecting the Golden SAML Attack Used by Attackers Exploiting the SUNBURST Backdoor
3/2/2021 Gaining Root Access: Exploiting Linux Using a New Heap Overflow Vulnerability
2/18/2021 Cloud = Linux: Top 8 Steps to Securing Linux in the Cloud
2/4/2021 Detecting Malicious Activity in the Public Cloud with Network Traffic Mirroring Using AWS as the Example
1/28/2021 Implementing an Email Security Strategy Using the MITRE ATT&CK Framework
1/21/2021 Why Traditional AV is failing: A Detailed Look into Obfuscation and Evasion Techniques That Fool Traditional AV
1/14/2021 SUNBURST: A Deep Dive into the Scariest Supply Chain Attack Yet
1/12/2021 Surviving a Compromise: Developing Critical Decision-Making Skills to Survive Attacks Like Sunburst
12/10/2020 Lessons Learned from a SOC Analyst: Automating the Detection, Alerting, and Remediation of Threats such as Ryuk, Cobalt Strike and Gh0st RAT
11/12/2020 Top 10 Windows Security Log Events to Monitor to Detect Lateral Movement
11/10/2020 Lessons Learned from a Professional Pen Tester: Top OS and Application Vulnerabilities and Deficiencies Found During Penetration Testing
11/5/2020 Anatomy of Sophisticated Business Email Compromise Attacks: Beyond Simple CEO Impersonation
11/3/2020 Anatomy of a Hack: Hands-on Red Teaming with the “Zerologon” Netlogon Elevation of Privilege Vulnerability with Mimikatz Integration
10/29/2020 Detecting and Preventing AD Authentication Risks: Golden Tickets, NTLM, Pass-the-Hash and Beyond
10/27/2020 Exploring the NIST Zero Trust Architecture with Linux Privileged Access as the Application
10/13/2020 Maze Ransomware Deep Dive: Using Threat Research Reports and MITRE ATT&CK to Turn Analysis into Action with Maze as an Example
10/8/2020 Dissecting Avaddon: From the Initial Malspam and Loader through Secondary Binary and Exploring their CnC to Find Additional Attacks
9/29/2020 Top 5 Security Tasks to Automate with PowerShell
9/10/2020 Filling the Gaps in Microsoft Teams Security
9/3/2020 Next Generation Windows Event Collection: How to Instantly Load Balance WEC Collectors without Waiting for Computers to See Group Membership Changes
9/1/2020 The Gophish Toolkit: Running a Phishing Assessment Against Your Organization to Identify Technical and Social Engineering Weak Spots
8/25/2020 Top 4 Active Directory Security Issues from 2 Years of Security Assessments
8/20/2020 Keeping Pace with Ransomware Tactics and Strategies: Lessons Learned from 1 Year of Attacks by WastedLocker, Maze, Evil Corp, NetWalker, et al
8/13/2020 DNS Threat Hunting: Exploiting Your Adversaries Dependence on Domain Names
8/11/2020 Tales from the Trenches: One Red Team’s Experiences Breaking into Networks for a Living
7/30/2020 EXPLOITING F5 BIG-IP: Deconstructing This Simple but Deadly Unauthenticated Remote Code Exploit and Why It’s More Than Just an F5 Issue
7/23/2020 Threat Hunting: Real Intrusions by State-Sponsored and eCrime Groups
7/9/2020 Anatomy of an Exploit: SMBGhost/CoronaBlue – How “Chompie” Achieved Unauthenticated Remote Code Execution Despite Windows 10’s Near Perfect Address Randomization
6/18/2020 Beyond Signatures: 6 Contextual and Human Intelligence Methods for Detecting Phishing and BEC
6/16/2020 Postmortem of Two Real World Attacks: 1) Fast-moving Ransomware 2) Webshell-based Data Exfiltration
6/9/2020 Anatomy of a Hacker Group: APT29 (aka Cozy Bear)
5/28/2020 Anatomy of a Citrix Hack: S**trix. Hands-on with Understanding, Detecting and Red Teaming this Exploit
5/14/2020 Top 9 Network Security Vulnerabilities Common to the Cloud
5/7/2020 Extra Vigilance: Top 3 Ways to Adapt Your Security Log Monitoring for the Surge in Working from Home
5/5/2020 Exploring 5 Techniques from the MITRE ATT&CK Cloud Matrix Specific to O365
4/30/2020 Reducing Your MITRE ATT&CK Surface by Denying Admin Authority
4/16/2020 Double Edged Sword: Employing and Exploiting Machine Learning and AI by Red and Blue Teams
3/26/2020 Security Log Deep Dive: Mapping Active Directory Authentication and Account Management Events to MITRE ATT&CK TTPs
3/19/2020 Top 7 Best and Worst Ways to Avoid Alert Fatigue
3/17/2020 Anatomy of a Linux Hack: Skidmap Leverages Cron Jobs, PAM, Kernel Modules, and More
3/12/2020 Passive Inventory of Security Risks, Endpoints, Applications and Cloud Usage through Network Traffic Analysis
3/5/2020 4 Trending Phishing Techniques: Real Life Examples and Tips for Detection
2/20/2020 Case Study: 11 Real World Examples of Actual Data Compromised on the Dark Web
2/13/2020 Password Spray & Credential Stuffing: Protecting Active Directory From User Password Re-Use and Harvested Password Attacks
1/30/2020 Remediate or Re-Install? 3 Steps for Surgical Removal of Malware Using the Latest Emotet as a Subject
1/28/2020 Beyond Commodity Malware: Catching the Human Attacker Controlling a Compromised Endpoint
1/23/2020 Active Defense: 7 Ways to Seize the Initiative and Get Out in Front of Threats
1/21/2020 Top 10 Event Categories to Monitor in the Windows Server Event Log
12/12/2019 Beyond IP/Hash/Domain: Leveraging Threat Feed Metadata for Better Context and Accuracy
12/10/2019 How to Secure Privileged Session Access to Cloud-based VMs; Hint: Don’t Expose SSH/RDP to the Internet
12/3/2019 Dissection 101: Step-By-Step Static Analysis of Unknown PE files (EXE) to Recognize Malware and Assess Impact
11/26/2019 Understanding SCIM for Identity Provisioning between Clouds and… Everything
11/19/2019 Are Firewalls Dead? Not by a Long Shot - But We Need to Make Some Changes
11/12/2019 PCI and the Windows/AD Environment: Understanding the 12 Requirements of the Data Security Standard in Context
11/7/2019 Data Loss Detection: Finding Your Data on the Dark Web and Beyond
11/5/2019 Anatomy of a DNS Hijacking: The Fascinating Case of the Sea Turtle Campaign
10/31/2019 Understanding Windows Event Collection (WEC/WEF): Planning, Troubleshooting and Performance Monitoring
10/24/2019 Detecting Insider Threats in Office 365 and Hybrid AD
10/22/2019 MacOS and Security: Understanding MacOS Malware and Attacks
10/10/2019 Anatomy of an Attack: MitM into O365, defeat MFA, then Lateral Movement into On-Prem
10/1/2019 Anatomy of RDP Exploits: BlueKeep, DejaBlue, MetaSploit and the Many Lessons To Be Learned
9/26/2019 Pushing the Limits of Network Security Monitoring: 5 Real-World Scenarios
9/19/2019 Access Hoarders, Group Sprawl and Permission Creep: Cleaning up AD
9/10/2019 Exploiting Your Adversary’s Weak Spot: DNS Domain Names – A Natural Fit for SOAR
9/5/2019 Kubernetes Audit Logging: Containerized Apps are Only as Secure as the Cluster Where They Run
9/3/2019 Understanding Active Directory Authentication Events in the Windows Security Log and Beyond
8/20/2019 Cloud VMs: Understanding and Securing the Multiple Routes to Privileged Access
8/15/2019 Detecting Persistence: Top 9 Security Changes to Monitor on Windows Server
8/6/2019 Top Indicator an Application Has Been Pwnd: Starting a LOLBin
8/1/2019 Fully Mapping Your Internet Facing Attack Surface
7/23/2019 Using Honeypot Accounts and Hashes in Active Directory to Detect Pass-the-Hash & Credential Theft
7/11/2019 5 Steps to Keeping Firewall Rules Up-to-Date and Secure
7/9/2019 Rethinking Active Directory Password Security – New Guidance from NIST Brings Long Needed Changes to Password Best Practices
7/2/2019 Auditing Active Directory Changes with the Windows Security Log
6/18/2019 Azure & O365 Audit Logging: 8 Events Across the Stack That You Want to Know When They Happen
6/11/2019 Threat Detection and Hunting for 5 of the Most Common MITRE ATT&CK Techniques: Connection Proxy, Service Execution, Exfiltration, Masquerading, Drive-by Compromise
6/4/2019 Artificial Intelligence & Machine Learning Applied to Infosec: Cutting Through the Hype by Looking at a Real-World Working Example In-Use Right Now
5/30/2019 Top 4 Most Dangerous Applications on Every Endpoint; Fighting Back with Detective and Preventive Controls
5/23/2019 Building a Resilient Logging Pipeline: Windows Event Collection Tips and Tricks for When You Are Serious About Log Collection
5/21/2019 Container Security Fundamentals: How Containers Work in Linux and Docker, How They Differ from VMs and What It Means to Security
5/2/2019 How to Prove Your Firewalls Actually Do What You Intend Using Multiple Vantage Points and Tools from Kali Linux
4/30/2019 Exploring Windows Server’s Data Classification Infrastructure to Find Private Data and Comply with GDPR, et al
4/25/2019 AD Attack Deep Dive: Gaining Persistence using DCSync and DCShadow with Mimikatz
4/23/2019 Osquery Deep Dive: Doing Low Level Analytics and Monitoring for Windows/Linux/macOS
4/16/2019 Preparing for Total Annihilation of Your Infrastructure
4/11/2019 Deciding Which Security Event Logs to Collect and How to Process Them in Your SIEM and Beyond
4/9/2019 How Modern Single Page Web Applications Break Traditional Application Vulnerability Scanning
3/28/2019 Detecting Threats in Encrypted Traffic on Your Global Network without Breaking the Law
3/26/2019 SIEM Delivery Models: Where Do Today’s Risks and Future Technology Point?
3/21/2019 Malicious Traffic: Understanding What Does and Doesn’t Belong on Your Unique Network
3/19/2019 Anatomy of a Hack: How TEMP.Mixmaster Attackers Use TrickBot and Ryuk To Poach Big Game
3/14/2019 Emotet: Dissecting the Info Stealing Trojan That Keeps Going
3/12/2019 Detecting When Attackers Use Trusted Windows Components Like cmd, powershell, wmic, mshta, regsvr32 for Malicious Operations
3/7/2019 Securing Privilege Outside the IT Department: High Value Transactions, Vulnerable Applications and Access to Critical Information
2/28/2019 5 Steps to Comprehensively Mapping Your Attack Surface
2/26/2019 Understanding and Managing Organizational Units and Groups in Active Directory
2/7/2019 Staying Open for Business Against DDOS Attackers Requires More than Just Blocking Traffic
1/29/2019 Closing the Loop: Detecting Vulnerabilities is Great but Risk Only Decreases After Remediation
12/18/2018 Building MITRE ATT&CK Technique Detection into Your Security Monitoring Environment
12/11/2018 A Compromised Entity is Detected: 3+ Ways to Automatically Contain the Threat
12/6/2018 The Year in Review: From the Totally New Spectre & Meltdown to Pathetically Old Flash; There's Plenty to Learn from 2018
11/27/2018 Checking your Application Against the OWASP Top 10 Security Risks
11/8/2018 Dabble or Deep Dive: 7 Different Threat Hunts You Can Do With Available Resources
11/6/2018 AWS Network Security Deep Dive: Providing Network Protection for AWS Cloud Resources
11/1/2018 Detecting Targeted Spearphishing Campaigns in the Preparation Phase
10/30/2018 Managing File Share Security on Windows Servers
10/16/2018 Top 10 Steps to Hardening Linux Systems
10/11/2018 Tracking Group Membership Changes in Active Directory
10/9/2018 Managing Local Administrator Accounts with LAPS; And Protecting LAPS from Attack
10/4/2018 Why Multi-factor Authentication Can’t Prevent Pass-the-Hash Attacks and Alternative Mitigation Methods
10/2/2018 4 Threat Detections using Active Directory Authentication Events from the Windows Security Log
9/25/2018 Understanding How Attackers use Malicious JavaScript
9/13/2018 Which User and What Program Sent This Packet, and Should I be Concerned? Correlating Network Security Alerts with Host Logs for Full Traffic Attribution
9/6/2018 Seeing Inside Encrypted Traffic: Blocking Threats and Enforcing Policy While Preserving Security, Compliance and Performance
8/30/2018 5 Ways to Respond Faster and Automate Security through 2-Way Integration Between SIEM and IAM
8/28/2018 Office Macro Exploitation: Mitigating and Threat Hunting This Widely Exploited Vector
8/23/2018 How Attackers Exploit the Windows Registry for Persistence, Hiding File-less Malware, Privilege Elevation and More
8/21/2018 Anatomy of a Hack: How Cryptojacking Works, Why It’s Growing, Its Risks and Detection
8/16/2018 Migrating to the Cloud? Don’t Forget Your Firewalls
7/24/2018 Using YARA to Describe, Classify and Search for Malware
7/19/2018 Understanding OneDrive for Business Security and Monitoring
7/17/2018 Correlating DHCP, DNS and Active Directory data with Network Logs for User Attribution
7/12/2018 Migrating from Shared Accounts to the Dual Account Model to Manage Risk, Enforce Accountability and Facilitate Behavior Analytics for Privileged Account Activity
6/21/2018 “Wait… That’s Not How Susan Types. Kill that Session Now!”: 8 Ways to Analyze Privileged Sessions to Identify Your Most Suspicious Activity.
6/19/2018 When Your SIEM Cries Wolf Too Many Times: Addressing Alert Fatigue with Security Automation and Orchestration (SAO)
5/31/2018 Threat Hunting with DNS Domain Names Collected from All Over Your Network
5/17/2018 Quantifying Potential Lateral Movement Exposure for Privileged Accounts in Active Directory
5/10/2018 Anatomy of an Attack: How the Bad Guys Use Certutil and MSBuild to Stay Below the Radar
5/8/2018 Identifying Abnormal Authentication: Associating Users with Workstations and Detecting When Users (Try to) Logon to Someone Else’s Workstation
5/3/2018 Linux Security Deep Dive: How LD_PRELOAD Makes It Possible to Audit and Control Root Users
5/1/2018 Top 8 Factors to Analyze to Determine the Real Risk of a Vulnerability: CVSS Score Is Only the Beginning
4/26/2018 Anatomy of an Attack: How Password Spraying Exploits Weak Passwords So Effectively
4/19/2018 5 Ways to Use System Status, Availability and Performance Data to Enhance Security Monitoring
4/12/2018 3 Ambiguities in One Simple Rule: How to Stop Writing Firewall Rules and Start Controlling Network Security Based on Your Actual Intent
4/4/2018 Understanding Alternative Technologies for SMB Fail-Over Disaster Recovery for On-Prem Servers
3/29/2018 Top 3 Workstation Logs to Monitor for Early Detection of Attacks: Security Log, PowerShell, Sysmon
3/27/2018 Top Windows Security Log Events for User Behavior Analysis
3/22/2018 What’s New in SQL Server Audit Logging: SQL Server 2016 SP1, 2017, Linux and Azure
3/13/2018 Using VirusTotal for More than Simple AV Checks: How to Leverage Their Big Data to Threat Hunt in Your Network
3/8/2018 How to do Logon Session Auditing with the Windows Security Log
2/27/2018 Shortening the Risk Window of Unpatched Vulnerabilities
2/20/2018 Anatomy of 3 DDoS Attacks: Volumetric, Network, Application
2/15/2018 Detect and Monitor Threats to your Executive Mailboxes with Exchange Mailbox Auditing
2/13/2018 Network Segmentation: Implement Roadblocks on the Attack Surface, Stop Malicious Spread
2/8/2018 Integrating Linux with Active Directory for Users, Groups, Kerberos Authentication, and even Group Policy
2/6/2018 Understanding Spectre and Meltdown: The Facts, How to Mitigate, Where We Go from Here
2/1/2018 How to Analyze Logon Attacks with the Windows Security Logs
1/30/2018 Top 12 Events to Monitor in the Windows Server Security Log
1/25/2018 How the NIST Cybersecurity Framework Works: Tiers, Profiles, Functions and Categories
1/18/2018 Using File Integrity Monitoring to Catch Imposter EXE/DLL Replacements and Tampering – Without the Noise
1/11/2018 Top 7 Indicators a Domain is Malicious
1/9/2018 Where to Protect Privileged Sessions with MFA: 1) Direct Integration, 2) at Privileged Access Management, 3) at Federated SSO/CASB or 4) with NGFW Reverse Proxy?
12/7/2017 Using Message Tracking Logs from Office 365 to Detect and Respond to Phishing Attacks
12/6/2017 6 Ways to Evaluate Firewall Change Requests to Ensure Security and Compliance and Prevent Risk Creep
12/5/2017 Pre-empting Mimikatz Attacks on Privileged Accounts Using Password Isolation Human Presence MFA
11/14/2017 Building a Secure Hosting Environment for Red Forest Domain Controllers
11/9/2017 6 Steps for Firewall Assessment for Compliance and Security
11/2/2017 Preparing for the Disgruntled Privileged User: 3+ Ways They Can Hose Your Environment in Minutes
11/1/2017 Integrating Identity and Authentication Events to Improve SIEM Threat Detection
10/31/2017 Connecting the Dots Between Indicators of Compromise to See the Whole Attack
10/26/2017 Admin/Admin and Other Signs You’re Headed for an “Equifiasco”
10/24/2017 DNS Deep Dive: How Attackers Use DNS to Find C2 Servers, Control Compromised Systems, and Exfiltrate Your Data
10/19/2017 ArcSight’s WUC and WiNC with Native Windows Event Collection: How to Get Events into ArcSight Without the Pain
10/17/2017 3-Dimensional Security Monitoring for Azure Virtual Machines in the Cloud: Auditing the Control, Data and Windows Planes
10/12/2017 10+ Up-To-Date Ways to Harden Windows Against Modern Active Directory Attacks
10/5/2017 Monitoring Privileged Accounts with the Windows Security Log to Catch Lateral Movement by Mimikatz and other Credential Harvesting
9/28/2017 3 Modern Active Directory Attack Scenarios and How to Detect Them
9/26/2017 Linux Security: Top Files and Directories to Monitor in Linux to Catch Attackers
9/21/2017 How Hybrid Clouds Connect to Your Network; Understanding and Mitigating the Risks of VPN-to-Cloud and Cloud Application Gateways
9/19/2017 Top 5 Ways for Analyzing Entitlements and Identifying High-Risk
9/14/2017 Tracking Access, Sharing and Administration of Files in SharePoint Online and OneDrive for Business
9/7/2017 XPath Deep Dive: Building Advanced Filters for Windows Event Collection
8/31/2017 Profiling Your Attacker: How to Take a Single Domain or IP and Map Out the Infrastructure of a Bad Actor
8/29/2017 WSUS vs. SCCM: Which is the best way to go for security patching?
8/24/2017 Regulating Privileged Access: When to Require Human Approval Workflows
8/23/2017 Getting all Your Security Information Into One Place and Searching It Like Google
8/22/2017 Correlating Vulnerability Scans with Network Path Analysis to Find and Remediate the Biggest Risks to Your Network and Avoid Wasting Time on the Little Ones
8/17/2017 QRadar WinCollect and Native Windows Event Collection: How to Do It Right, Filter the Noise and Simplify your Infrastructure
8/15/2017 Understanding Azure Log Integration (AzLog): Microsoft’s New Tool for Bringing Azure Visibility to Your SIEM
8/3/2017 Ransomware: Attack Methods Being Used to Evade Antivirus and Next Gen Firewalls
7/27/2017 Something Worse Than Ransomware: Architecting for a New Breed of Malware that Simply Destroys
7/20/2017 Understanding Office 365 Logon Events to Catch Intrusion Attempts
7/13/2017 Forget Recovering from Ransomware; Modern Backup Technology can Detect Ransomware
6/29/2017 How RSA SecurID® Access Blends Dynamic Risk Analytics, UX and Flexibility to Make Strong Authentication More Convenient
6/27/2017 How to Secure Group Policy, Detect Unauthorized Changes, Prevent Configuration Disasters and Recover When Necessary
6/22/2017 My Roadmap for Helping You Monitor Workstations for Early Detection of APTs and Ransomware
6/6/2017 Top 5 Risks of “Dirty” Firewalls
5/30/2017 How to Monitor Active Directory Changes for Free: Using Splunk Free, Supercharger Free and My New Splunk App
5/25/2017 Non-Malware Attacks: How to Speed Up Your SOC by detecting and responding to “File-less” attacks on Endpoints
5/23/2017 Using Sysmon v6.01 to Really See What’s Happening on Endpoints; It’s Better than the Windows Security Log
5/18/2017 Top 6 Active Directory Infrastructure Risk Findings
5/16/2017 LogRhythm and Native Windows Event Forwarding: How to Do It Right, Filter the Noise and Simplify your Infrastructure
5/11/2017 Understanding Proxy-Based Privileged Password/Session Management
4/27/2017 Step-By-Step Incident Response for Top 3 Security Scenarios
4/25/2017 Integrating Splunk with native Windows Event Collection (WEC) and Optional 2-Stage Noise Filtering
4/20/2017 How to Detect 2 Computers on Your Network Talking to Each Other for the First Time and Why It Matters
4/18/2017 Protecting Active Directory from Malicious and Accidental Destruction: When Recycle Bin Isn’t Enough
4/13/2017 Implementing WSUS to Deploy Microsoft, 3rd Party and Custom Patches across Your Enterprise
3/30/2017 Bridging the Gap between Cloud 2-Factor Authentication and On-Premise Resources using RADIUS
3/23/2017 Detecting Unauthorized Changes Originating in Azure Active Directory and Limiting Impact to On-Prem AD
3/21/2017 Managing Large Windows Event Collection Implementations: Load Balancing Across Multiple Collectors
3/16/2017 Detecting Lateral Movement with New Events in the Windows Server 2016 Security Log
3/9/2017 Systematically Identifying Absolutely Every Privileged User and Detecting New Ones
2/28/2017 Building the Ultimate Active Directory Domain Controller Security Environment
2/23/2017 It’s Time to Unleash the Power of Native Windows Event Collection
2/21/2017 Malicious or Innocent: How to Investigate Account Lockouts in the Active Directory Environment
2/16/2017 Understanding Security and Privileged Access in Azure Active Directory
2/9/2017 PowerShell Empire is the Proof that We Need to Prevent Attacks Instead of Just Searching for Malware
2/7/2017 Top 6 Findings in 2016 from Analyzing Firewalls, Email Security Appliances, Endpoints, Honeypots and Multiple Sandbox Engines
1/31/2017 Solid State Drives (SSD) Secure Data Removal Deep Dive: What it Takes to Really Make the Data Go Away
1/24/2017 Configuring Linux and Macs to Use Active Directory for Users, Groups, Kerberos Authentication and even Group Policy
1/12/2017 Understanding “Red Forest”: The 3-Tier Enhanced Security Admin Environment (ESAE) and Alternative Ways to Protect Privileged Credentials
12/14/2016 The San Fran Muni Ransomware Attack: What Really Happened and What We Learn from the Criminal Who Himself Got Hacked
12/8/2016 Locking Down Linux: AppArmor vs SELinux
12/6/2016 How to Detect Unauthorized Queries Against Sensitive SQL Databases without all the Noise of the Trusted Application
11/30/2016 Good Linux Security Needs File Integrity Monitoring
11/17/2016 Monitoring changes and access events in AD and Azure AD. What is similar and what is different? How do synchronization and federation play in?
11/15/2016 How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online
11/3/2016 Monitoring Active Directory Changes for Compliance: Top 32 Security Events IDs to Watch and What They Mean
11/1/2016 Deploying Honeynets Outside and Inside Your Network and Integration with Your SIEM
10/27/2016 14 Group Policy Security Risks and How to Control them
10/25/2016 Understanding Office 365 Unified Audit Logging
10/20/2016 How to Detect SQL Server Hacking without Crippling Performance or Impacting Availability
10/13/2016 Leveraging SCCM to Manage the Security of Your Endpoints
9/28/2016 Centralizing Sudo Management for Securing Linux and UNIX
9/27/2016 How Sandboxes Detonate-to-Detect Malware and How Malware Evades Sandboxes
9/20/2016 25 User Behavior Analytics that Indicate Malicious Insider or Compromised Account
9/15/2016 Coping with the Challenges of Exchange Mailbox Auditing
9/8/2016 When and Why Encryption Doesn’t Protect Your Data Against Malware
8/30/2016 How to Monitor File Access to Detect Any Ransomware – “Look Ma, No Signatures!”
8/25/2016 Why Best Practices like RunAs and 2-Accounts Don’t Protect Admin Accounts Against Modern Endpoint Threats
8/16/2016 Top 8 Things to Analyze in Outbound Packets to Detect Compromised Systems
7/28/2016 How the SWIFT Hack Went Down and How to Benefit from the Lessons Learned
7/26/2016 SIEM Integration with SharePoint: Monitoring Access to the Sensitive Unstructured Data in SharePoint
7/21/2016 Top 7 Ways to Protect Admin Passwords from Theft via Pass-the-Hash and Other Attacks
7/19/2016 Implementing Win 2012 R2 Authentication Silos and the Protected Users Group to Protect Privileged Accounts from Modern Attacks
7/14/2016 Filling the Gaps in Active Directory Monitoring
6/28/2016 Getting Control of Employee Web Access with Proxy Server and Next Generation Firewall Technologies
6/9/2016 Designing a Multi-layered Active Directory Security Infrastructure
6/2/2016 Top 8 Security Features in Skylake PCs
5/26/2016 DNS Security: How to Detect Compromised Endpoints by Analyzing DNS Activity from Your DNS Server Logs and Network Activity
5/12/2016 Leveraging your SIEM to Catch and Respond to Ransomware Before It Spreads
4/28/2016 What One Digital Forensics Expert Found On Hundreds of Hard Drives, iPhones and Android Devices
4/25/2016 Enterprise Targeted Ransomware is Just Getting Started: Here’s How to Get Ahead of the Curve
4/21/2016 Doing Multi-Factor Authentication Right the First Time: 8 Technical Requirements
4/19/2016 Monitoring Group Membership Changes in Active Directory
4/14/2016 Auditing Permission Changes on Windows File Servers and NAS Filers
3/31/2016 Understanding OpenID Connect and OAuth v2.0: How They Work and How to be Secure
3/24/2016 6 Steps to Determine if an Unknown Program is Safe or Malicious
3/15/2016 Hybrid Directory Governance: Understanding How Security Works in a Hybrid Active Directory Environment of On-Premises AD / Azure AD and Office 365
3/10/2016 Decommissioned Hard Drives: How To KNOW your Data is Destroyed without Creating Toxic Waste or High Cost
3/3/2016 Defending the Top 8 Most Targeted Applications on Windows Endpoints
3/1/2016 Who’s Attacking Your Database? Monitoring Authentication and Logon Failures in SQL Server
2/25/2016 Extending the Kill Chain with lateral movement on 5 Windows Systems Using Multiple Intrusion Techniques
2/16/2016 PowerShell Audit Logging Deep Dive: Catch Intruders Living off the Land and Enforce Privileged User Accountability
2/3/2016 Protecting Mac OS X from Privilege Elevation Attacks and Related Endpoint Security Risks
1/21/2016 Severing the Horizontal Kill Chain: Using Micro-Segmentation in Your Virtualization Infrastructure to Prevent Attackers from Jumping from VM to VM
1/19/2016 How One Organization Brought 800 Desktops into Compliance while Eliminating Overtime, Downtime and Staff Expansion
1/12/2016 What Have We Learned from Recent Breaches: 8 Lessons to Take to Heart
12/17/2015 2015 Community Survey Highlights
12/15/2015 Implementing Windows AppLocker in Audit Mode for Immediate Detection of Unauthorized Programs, Scripts and Software Installation
12/10/2015 Understanding Mobile Device Management: iOS and Android, BYOD and Company-Owned
12/8/2015 3 Authentication Scenarios that Demonstrate Why Federation Really is Safer
12/3/2015 Detect and monitor threats to your executive mailboxes with Exchange mailbox auditing
12/1/2015 Deep Packet Inspection for SSL: How to Defeat Intruders Hiding their Communications Inside Encrypted Channels
11/19/2015 Monitoring What Your Privileged Users are doing on Linux and UNIX
11/17/2015 Windows BitLocker Encryption Deep Dive: How it Works and How to Fulfill Enterprise Management and Compliance Requirements
11/12/2015 Dealing with the Drudgery of Patching Java and Mitigating the Risks of Java
11/4/2015 Hardening Windows Endpoints with Standards-based Configuration Management: USGCB vs CIS Benchmarks and Beyond
11/3/2015 What’s New in the Windows 10 Security Log
10/29/2015 Understanding the NIST Cybersecurity Framework: Different, Scalable and Practical
10/27/2015 PowerShell Attack Scenarios: How Attackers Do It and How to Detect
10/20/2015 Exploring the New FTP Security Enhancements in IIS
10/15/2015 Ransomware Deconstructed: Beyond CryptoLocker and into the World of Crowdsourced Malware
10/14/2015 Top 12 Workstation Security Controls
10/8/2015 5 Indicators of Evil on Windows Hosts using Endpoint Threat Detection and Response
10/1/2015 Live Hacking: Recovering Confidential Data from a Re-Formatted Hard Drive; How to Really Erase Data
9/29/2015 Understanding Identity and Access Management Compliance Requirements for PCI, HIPAA, SOX and ISO 27001
9/17/2015 Detecting New Programs and Modifications to Executable Files with Windows File Access Auditing and File Integrity Monitoring
9/15/2015 Windows 10 Device Guard Deep Dive: Using Code Integrity to Stop Mal-Agents
9/10/2015 Top 12 Most Damaging Active Directory Security Malpractices
9/8/2015 Using Capture the Flag and Security Simulations to Improve Response Time, Hone Skills and Find Vulnerabilities
8/27/2015 How to sudo it right in Linux and Unix for security, manageability, compliance and accountability
8/25/2015 Prioritizing the SANS 20 Critical Security Controls to Solve Endpoint Security Risks
8/18/2015 Monitoring Privileged Access on SQL Server
8/13/2015 Stopping Exfiltration of Files without Stopping the Flow of Business
7/30/2015 Anatomy of a Hack Disrupted: How One SIEM’s Out-of-the-Box Rules Caught an Intrusion and Beyond
7/28/2015 Under the Hood with Windows 10 Security
7/23/2015 No Account Left Behind: Cleaning up user accounts and reducing risk
7/21/2015 Beyond Root: Securing Privileged Access in Linux with Sudo
7/16/2015 Using Splunk and LOGbinder to Monitor SQL Server, SharePoint and Exchange Audit Events
7/14/2015 Fixing One of the Weakest Links in Security: Insecure File Transfers between Systems
6/30/2015 Top 10 Indicators of Tampering with Privileged Accounts
6/11/2015 Monitoring Security Logs from VMWare vCenter and ESXi
6/4/2015 Top 10 Tasks to Automate in Active Directory to Save Time, Prove Compliance and Ensure Security
5/28/2015 Windows Security Log Deep Dive: Understanding Kerberos Authentication Events from Domain Controllers
5/7/2015 2 Factor, SSO, Federation and Cloud Identity are Awesome but it’s all for Naught if You Leave this One Backdoor Open
5/5/2015 Protecting AD Domain Admins with Logon Restrictions and Windows Security Log
4/30/2015 Protecting Active Directory from Malicious and Accidental Destruction: When Recycle Bin Isn’t Enough
4/28/2015 SharePoint Defense-In-Depth Monitoring: What to Watch at the App, DB and OS Level – and How?
4/16/2015 Understanding Privileged User Compliance Requirements for PCI, HIPAA, SOX and ISO 27001
4/7/2015 Protecting FTP Servers Exposed to the Internet
3/26/2015 Protecting Web and Cloud Apps with Dynamic Controls: IP Restrictions, Tokens, Authenticator Apps, SMS Messages and More
3/24/2015 Rev Up Your SIEM with These Top 8 High Value Security Event Sources
3/5/2015 Patching Acrobat and Adobe Reader with System Center Configuration Manager
2/26/2015 How to Use and other Threat Intelligence Feeds with Your SIEM
2/24/2015 Anatomy of a Data Breach: Tracing a Case of Unauthorized File Access with the Windows Security Log
2/19/2015 Eliminating FTP: Securing File Transfers with Secure Shell for Encryption and Compliance
2/10/2015 Solving Windows 2003 End of Life Security Risks: Migration Strategies and Compensating Controls for Beyond July 14, 2015
1/29/2015 Managing Mailbox Audit Policy in Exchange 2013
12/16/2014 Pre-empting Pass-the-Hash Attacks on Windows Systems
12/11/2014 How to Monitor Network Activity with the Windows Security & Firewall Logs to Detect Inbound and Outbound Attacks
12/9/2014 Setting up Internal Linux and Windows Honeypots to Catch Intruders
11/18/2014 Shellshock 101: What is Bash? How do Shellshock attacks work? Where are you still vulnerable? How to fix?
11/13/2014 Addressing the Risk of Unpatched Virtual Machines: Live, Offline and Template
11/6/2014 Early Detection: Monitoring Mobile and Remote Workstations in Real-Time with the Windows Security Log
10/16/2014 Not Monitoring SQL Server with Your SIEM is Close to Negligent: What are Your Options?
10/9/2014 Spotting the Adversary with Windows Event Log Monitoring: An Analysis of NSA Guidance
9/18/2014 Correlating Tactical Threat Data Feeds with Security Logs for More Intelligent Monitoring
8/28/2014 How to do Logon Session Auditing with the Windows Security Log
8/21/2014 Catching Web Based Attacks with W3C Logs from IIS and Apache
8/19/2014 Using System Center Configuration Manager 2012 R2 to Patch Linux, UNIX and Macs
7/14/2014 Windows Security Log File Access Auditing Deep Dive
6/17/2014 Top 10 Things to Secure on iOS and Android to Protect Corporate Information
6/10/2014 Specific Security Monitoring Lessons Learned from: Target, Neiman Marcus, Sony and other breaches
6/5/2014 Exploring Win2008/2012’s Windows Event Collection Service
6/3/2014 Detecting Information Grabs of Confidential Documents in SharePoint
5/22/2014 5 Ways to Protect XP beyond End-of-Life 0-Day Exploits: EMET, DEP, Attack Surface Reduction and more
5/20/2014 Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS
5/15/2014 Getting Control of Linux/Unix with Sudo and AD Integration
5/13/2014 Using Regex to Find Sensitive Data on Your Network
4/22/2014 7 Steps to Implementing Information Owners Over Unstructured Data
4/8/2014 Windows 2003 End of Life: Top 8 Reasons to Start Planning NOW
3/27/2014 5 Real World Scenarios for Correlating Host and Network Events to Catch Violations and Intrusions
3/19/2014 Careto: Unmasking a New Level in APT-ware
3/18/2014 Eliminating Permanent Privileged Authority: Making the Switch to Just-In-Time Access
3/4/2014 Application Security Intelligence: The Next Frontier in Security Analytics - Bridge the Gap between Applications and SIEM
2/20/2014 Preparing for the Inevitable: How to Limit the Damage from a Data Breach by Planning Ahead
2/18/2014 Data and Access Governance: Top 6 Areas to Make Sure Are Covered
2/13/2014 2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and the Cloud
2/11/2014 Top 10 Security Changes to Monitor in the Windows Security Log
1/30/2014 How to Extend Secure SharePoint Access to Consultants, Customers, Vendors and Business Partners
1/23/2014 Stopping APTs with One-Time Passwords
1/21/2014 Analyzing Logon Failures in the Windows Security Log
1/9/2014 Getting Unstructured Data Under Control for Security and Compliance
11/7/2013 Adobe Hacked Again: What Does It Mean for You?
10/30/2013 Support for Windows XP is Shutting Down for Good: Stay Secure Beyond the End of Life
10/10/2013 Daily Security Log Check for the SMB IT Admin
9/19/2013 Real World Defense Strategies for Targeted Endpoint Threats
9/18/2013 Bridging the Gap between Network and Endpoint Security
7/18/2013 Java Insecurity: How to Deal with the Constant Vulnerabilities
6/25/2013 Tracking an End-User’s Activities through the Windows Security Log and Other Audit Logs
6/19/2013 Implementing ADFS for Single-Sign On to Office 365: Must It Be So Complex?
6/18/2013 Top 6 Security Events to Monitor in SQL Server
6/12/2013 APT Confidential: 14 Lessons Learned from Real Attacks
5/16/2013 Protecting Local Admin Authority on Windows Servers
5/9/2013 Detecting Non-Owner Mailbox Access with Exchange Mailbox Auditing
4/18/2013 Windows Server 2012 Auditing Deep Dive: Claims, Dynamic Access Control, Centralized Permissions
4/16/2013 Reflective Memory Attacks Deep Dive: How They Work; Why They’re Hard to Detect
3/5/2013 Top 9 Mistakes of APT Victims: What They Are and What You Can Do To Prevent Them
2/20/2013 Bit by Bit Analysis of a Java Zero Day Exploit: Methods and Lessons Learned
1/29/2013 WSUS for Secure Patching: Top Tips, Tricks and Scripts for Overcoming Limitations and Challenges
1/24/2013 Office 365 Security: Leveraging Active Directory and Integrating with Other Clouds
1/15/2013 File Access Auditing in Windows Server 2012
1/9/2013 My Rosetta Audit Logging Kits for ArcSight are Here
12/11/2012 Will the Collision of Cloud and BYOD Destroy Everything You’ve Worked for In Active Directory?
12/4/2012 Keeping Bot Herders off Your Servers and Breaking the Lateral Kill Chain of Today’s Attackers
11/29/2012 Linking Logon to Logoff and Everything in Between with the Windows Security Log
11/14/2012 Windows 8 Is Coming to a BYOD Near You: Are the New Security Features Enough?
10/3/2012 Code Signing Debacle 2.0: A Hacked Adobe Server and Its Impact on Us All
9/28/2012 UNIX/Linux/Mac Integration with Active Directory: Understanding the 5 Possible End States
9/27/2012 Using Logs to Deal With the Realities of Mobile Device Security and BYOD
9/19/2012 10 Steps to Cleaning Up Active Directory User Accounts and Keeping Them that Way
9/18/2012 Stopping the Adobe, Apple and Java Software Updater Insanity
7/24/2012 Dousing the Flame: How This Tom Clancy-Esque Attack Worked and What Should You Really Do to Protect Against It
5/15/2012 Understanding Exchange 2010 Audit Logging
5/1/2012 Endpoint Security Compliance: Top 11 Questions Auditors Ask
4/25/2012 Auditing SharePoint Activity for Compliance and Security
3/21/2012 Beyond Compliance: Combating Threats with Workstation Configuration Management
2/23/2012 Implementing Virtual Security Cameras to Protect Privileged Access and Enforce Accountability
1/31/2012 BitLocker Drive Encryption: How it Works and How it Compares
11/15/2011 Securing Sensitive Content in SharePoint Sites: What You Need to Know Now
11/3/2011 Top 6 Security Events You Only Detect by Monitoring Workstation Security Logs
11/1/2011 Practical Steps For Integrating and Managing Endpoint Security
8/24/2011 Understanding Logon Events in the Windows Security Log
8/4/2011 Top 10 VMWare Security Events You Should Be Monitoring
8/3/2011 Windows 7 AppLocker: Understanding its Capabilities and Limitations
7/27/2011 Active Directory for IT Auditors: Where Does Group Policy Fit In?
6/16/2011 Active Directory for IT Auditors: Understanding Domain Controller Security Issues
5/18/2011 Monitoring Access to Confidential Information in SharePoint
5/12/2011 Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware
4/28/2011 SharePoint: What's Going on Behind the Curtain?
4/14/2011 Beyond Auditing: How to Implement Preventive Controls over Powerful Users with Privileged Account Management
4/13/2011 Active Directory for IT Auditors: Documenting and Analyzing User Accounts
3/23/2011 Implement Best Practice, Compliant Log Management and Monitoring with Your Existing Log Management/SEM Solution
3/18/2011 Downsizing Domain Admins: How to Delegate 9 Common Admin Tasks
3/16/2011 Managing Access Control in SharePoint 2010
3/2/2011 Active Directory for IT Auditors: What Changes between Windows 2003 and 2008?
2/3/2011 Endpoint Device Control in Windows 7 and Beyond
12/2/2010 5 Real World Ways to Use Anomaly Detection with Security Logs
11/11/2010 Auditing IIS with the Windows Security Log
10/26/2010 Beyond Windows Patching: Dealing with the New Imperative to Patch Adobe, Apple, Linux and More
10/14/2010 Building a Security Dashboard for Your Senior Executives
6/30/2010 Taming SharePoint Audit Logs with LOGbinder SP and EventTracker
6/23/2010 Top 5 Daily Reports for Monitoring Windows Servers
6/17/2010 Finding Dormant User Accounts in Active Directory
5/26/2010 Getting Out of the Way of Green Initiatives: Power Management Joins Patch Management
5/6/2010 Configuring Windows Audit Policy to Minimize Noise: Provide Compliance, Support Forensics and Detect Intrusions
3/4/2010 Security Log Exposed: Auditing Changes, Deletions and Creations in Active Directory
2/4/2010 Insider Gone Bad: Tracking Their Steps and Building Your Case with the Security Log
12/10/2009 Endpoint Security's Unseen Risk: Users with Admin Authority
11/17/2009 11 Ways to Detect System Intrusions with the Security Log
10/27/2009 Audit Collection Services: Ready for Prime Time?
10/1/2009 Security Log Exposed: What is the Difference Between “Account Logon” and “Logon/Logoff” Events?
9/30/2009 Monitoring Active Directory for Security and Compliance: How Far Does the Native Audit Log Take You?
9/24/2009 Exploring the SharePoint Audit Log
9/16/2009 Top 5 Misconceptions about Endpoint Data Security
8/18/2009 Top 5 Goals for Effectively Using Log Management
8/13/2009 Using Active Directory’s Delegation of Control and Auditing to Streamline Security and Access Management
7/23/2009 Using Windows Server 2008's New Log Management Features: Archival, Forwarding, Views and Triggers
7/15/2009 Integrating Unix/Linux Identity and Authentication into Active Directory
6/23/2009 Root Access: Protecting and Ensuring Accountability in Unix and Linux
6/16/2009 Quantifying the Cost of Log Management: Making a Good Decision Security and Business-wise
5/21/2009 Strong Authentication on a Budget: Leveraging Industry Standards and your Existing Technology Investments
5/14/2009 Top 9 Ways to Detect Insider Abuse with the Security Log
5/13/2009 Addressing the 8 Worst Areas for Risk and Cost in Active Directory Identity Management
3/19/2009 Leveraging the XP and Vista Security Logs to Ensure Workstation Security and Compliance
2/5/2009 SharePoint Security: Managing, Auditing, and Monitoring
1/20/2009 Anatomy of a Hack: Tracking an Intruder with Security Logs
12/10/2008 Active Directory: Answering Who Has Access to What?
11/13/2008 Assessing the Risk of Trust Relationships in Active Directory
10/29/2008 Auditing File Access with the Windows Server 2008 Security Log: The Good, Bad and Ugly
10/18/2008 Eliminating Admin Rights on Workstations and Laptops: Avoiding the Pitfalls and Making it Work in the Real World
10/1/2008 Understanding Active Directory Structure and How It Makes Auditing AD Different
9/25/2008 Auditing Unauthorized, Unrecognized Software
9/4/2008 Active Directory Audit: Factoring in Integration with Other Applications, Databases and Platforms
8/7/2008 Auditing the Windows/Active Directory Environment
7/24/2008 Top 12 Security Events To Monitor on Member Servers
6/19/2008 Understanding Authentication Events in the Windows 2003 and 2008 Security Logs
5/20/2008 Monitoring Access Changes with the Windows 2008 and 2003 Security Logs
4/24/2008 Advanced Security Log Monitoring through Multi-Event Correlation
2/28/2008 Vista's User Account Control and Beyond
12/20/2007 Auditing Program Execution with the Security Log

Additional Resources