Published By: Preempt
Published Date: Nov 02, 2018
Attackers and malware are increasingly relying on a common set of tools to compromise identities and spread within a network. Tools like Mimikatz, together with common administrator tools like PsExec and WMI, have become a standard part of an attacker’s arsenal for turning a single machine compromise into a full network breach. In this webinar we will take a look at why some of these tools are traditionally difficult to control, and introduce new countermeasures that let you fight back. In this webinar we will cover:
- An analysis of recent malware and attacks and the tools they used to spread through the network.
- A closer look at the underlying protocols supporting these tools, and the traditional challenges to controlling them.
- New controls that allow organizations to control NTLM in real time, block pass-the-hash techniques, and adaptively control the use of NTLM in the network.
- How to gain visibility into PsExec, WMI, and RPC in general and how to create controls t
After you set up your users and groups, the next thing you’ll want to do is configure the software running on your machines. In this webinar, you’ll get a taste of the many kinds of services and packages Puppet can manage on Windows. We’ll present some common use cases that will help you get some quick wins under your belt, including:
- Managing Windows services (Windows Time, Disk Defragmenter, etc.)
- Installing packages
- Managing Windows maintenance tasks via WMI by executing arbitrary PowerShell code
- Creating scheduled tasks in the Task Manager
Puppet can do a lot, but we always recommend starting small and building on your success. Make 2016 the year you banish manual configuration for good!
Published By: Promisec
Published Date: Mar 20, 2012
One of the greatest challenges to enforcing IT security and compliance lies at the endpoints, especially within Microsoft infrastructures. Learn how agentless technology has become mandatory in seeing, analyzing, and fixing Windows endpoint issues.
Deploying agent software on every system to run scheduled jobs is expensive, both to install and maintain. In this white paper, independent analyst firm Enterprise Management Associates highlights the cost-savings, flexibility, and agility of the agentless job scheduling technology built into BMC CONTROL-M.
As businesses increasingly demand mobile options for employees, Sprint has introduced a service for wholesale providers called Wholesale Mobile Integration (WMI), which integrates wireless and office telephones on the same phone number.
In our first cyber security checklist, we provided a security overview and best practices to help organizations prevent an initial compromise from occurring. In this guide, we will help you understand practical steps you can take to mitigate techniques attackers use once they have penetrated your defenses. Once attackers have access to a machine, they can evade detection by using fileless techniques and legitimate system administration tools to do their dirty work. With this checklist, you will have a guide to help mitigate the impact of an attacker. Lastly, we will help you understand how partnering with a company like Alert Logic can provide better defenses to stop attackers in their tracks.
This checklist helps to explain:
• How to manage and limit PowerShell access
• Securing and utilizing Windows Management Instrumentation (WMI)
• Ways to apply application controls
• Following the principle of least privilege and applying access controls
• What to monitor for to help uncover