Chicago, IL, USA
Jul 31, 2018 | By Ingmar Koecher
EventSentry v3.5 continues to increase visibility into networks with additional vantage points, making it easier for EventSentry users to reduce their attack surface as well as discover anomalies.
Mar 16, 2018 | By Ingmar Koecher
Windows supports a code-signing feature called Authenticode, which allows a software publisher to digitally sign executable files (e.g. .exe, .msi, …) so that users can verify their autenticity. The digital signature of a file can be viewed in the file properties in Windows explorer on the “Digital Signature” tab.
Jan 30, 2018 | By Ingmar Koecher
In part one I provided a high level overview of PowerShell and the potential risk it poses to networks. Of course we can only mitigate some PowerShell attacks if we have a trace, so going forward I am assuming that you followed part 1 of this series and enabled: Module Logging, Script Block Logging, Security Process Tracking (4688/4689)
Jan 29, 2018 | By Ingmar Koecher
Imagine someone getting the seemingly innocent ability to run a couple of commands on a machine on your network WITHOUT installing any new software, but those commands resulting in a reverse shell running on that same machine – giving the intruder a convenient outpost in your network. Now stretch your imagination even further and pretend that all of this happens without leaving any unusual traces in logs – leaving you completely in the dark.
Dec 21, 2017 | By Ingmar Koecher
In Mr. Robot‘s episode 9 of season 2 (13:53), Angela Moss needs to obtain the Windows domain password of her superior, Joseph Green, in order to download sensitive documents that would potentially incriminate EvilCorp. Since her attack requires physical access to his computer, she starts with a good old-fashioned social engineering attack to get the only currently present employee in the office to leave.
Once you are familar with the basic concept of EventSentry we recommend that you take a look at the best practices. It contains useful tips & tricks and configuration examples to help you get the most out of EventSentry with the least amount of administration.
Nov 2, 2018 | By NETIKUS.NET LTD
Put netstat on steroids and reduce your attack surface by revealing all processes on your network that are listening for incoming TCP connections. EventSentry can also alert when a new process is listening for incoming connections, or when critical processes are not running.