Jul 28, 2018
Chicago, IL, USA
Jul 31, 2018   |  By Ingmar Koecher
EventSentry v3.5 continues to increase visibility into networks with additional vantage points, making it easier for EventSentry users to reduce their attack surface as well as discover anomalies.
Mar 16, 2018   |  By Ingmar Koecher
Windows supports a code-signing feature called Authenticode, which allows a software publisher to digitally sign executable files (e.g. .exe, .msi, …) so that users can verify their authenticity. The digital signature of a file can be viewed in the file properties in Windows Explorer on the “Digital Signature” tab.
Jan 30, 2018   |  By Ingmar Koecher
In part one I provided a high-level overview of PowerShell and the potential risk it poses to networks. Of course we can only mitigate some PowerShell attacks if we have a trace, so going forward I am assuming that you followed part 1 of this series and enabled: Module Logging, Script Block Logging, Security Process Tracking (4688/4689)
Jan 29, 2018   |  By Ingmar Koecher
Imagine someone getting the seemingly innocent ability to run a couple of commands on a machine on your network WITHOUT installing any new software, but those commands resulting in a reverse shell running on that same machine – giving the intruder a convenient outpost in your network. Now stretch your imagination even further and pretend that all of this happens without leaving any unusual traces in logs – leaving you completely in the dark.
Dec 21, 2017   |  By Ingmar Koecher
In Mr. Robot's episode 9 of season 2 (13:53), Angela Moss needs to obtain the Windows domain password of her superior, Joseph Green, in order to download sensitive documents that would potentially incriminate EvilCorp. Since her attack requires physical access to his computer, she starts with a good old-fashioned social engineering attack to get the only currently present employee in the office to leave.
Jul 3, 2018   |  By EventSentry
Once you are familiar with the basic concept of EventSentry, we recommend that you take a look at the best practices. It contains useful tips & tricks and configuration examples to help you get the most out of EventSentry with the least amount of administration.
Jul 3, 2018   |  By EventSentry
This guide gives you a quick, architectural overview of EventSentry to get you started using the product. Browse or search the documentation for detailed product information.
Jul 3, 2018   |  By EventSentry
Justifying the purchase and implementation of a system monitoring solution can be difficult, since IT department software purchases are faced with more scrutiny than ever in today’s extremely competitive marketplace.
Nov 2, 2018   |  By NETIKUS.NET LTD
Put netstat on steroids and reduce your attack surface by revealing all processes on your network that are listening for incoming TCP connections. EventSentry can also alert when a new process is listening for incoming connections, or when critical processes are not running.
Sep 21, 2018   |  By NETIKUS.NET LTD
Explains how to exclude email alerts in EventSentry using Outlook, the built-in event viewer, or manually.
Jun 24, 2018   |  By NETIKUS.NET LTD
3 reasons why our fping utility is better than the Windows built-in ping utility.
Jun 12, 2018   |  By NETIKUS.NET LTD
Introduction to EventSentry
May 2, 2018   |  By NETIKUS.NET LTD
How to terminate malicious PowerShell scripts based on command line parameters (and more) in real time with EventSentry.