Author's Posts

Top 3 Mistakes When Simulating Cyber Attacks

Breach and attack simulation (BAS) offers an efficient way to validate and test security controls, threat detection capabilities, logging levels in an environment, and incident response workflows. Simulating cyber attacks in this manner allows security teams to proactively identify and remediate gaps; however, if not performed correctly, security teams may end up with a […]

Giving Back and Giving Thanks to the Community

There’s no doubt that 2020 has proven to be a challenging year for individuals, families, and organizations across the globe. At ReliaQuest, we’ve always valued community roots, and this year especially we’ve been on the lookout for opportunities to spread positivity, help others, and give back in any way that we can. Join us as […]

Credential Dumping Part 2: How to Mitigate Windows Credential Stealing

Credential theft is part of almost all attacks within a network, and one of the most widely known forms of credential stealing is obtaining clear-text credentials by accessing lsass.exe. However, this is only a piece of the bigger picture of the Windows credential model. In Part 1 of the Credential Dumping Series, I took a closer look […]

Credential Dumping Part 1: A Closer Look at Vulnerabilities with Windows Authentication and Credential Management

Many of us in cybersecurity know that credential theft is part of almost all attacks within a network. Arguably, one of the best-known forms of credential stealing is obtaining clear-text credentials by accessing lsass.exe. Almost synonymous with credential stealing is the popular tool Mimikatz, which is able to access the LSASS (Local Security Authority Subsystem […]

On the Hook: A Defense-in-Depth Approach to Mitigating Phishing Attacks

Purpose-built security tools are designed to solve for the ever-evolving threat landscape led by APTs, Nation-States, and Hacktivists, but is your organization accounting for the internal threats posed by your authorized users? [Image: Most phishing attacks require help from the end user to be successful. Source: Peter Broelman] The latest Verizon Annual Data Breach Investigations Report […]

How We Got Here: Will Open XDR Finally Unify Our Security Environment?

The hype cycle around XDR (cross-platform detection and response) is in full swing. But the problems it promises to solve and the outcomes security teams are looking for are nothing new. It started with security information and event management (SIEM). We needed a better way to aggregate and search our security data to run effective investigations. It helped us to […]

Proactive Practices to Mitigate the Misuse of Service Accounts

Service accounts, by design, are created to perform specific tasks for services running on endpoints. Depending on the service and how the service account is configured, service accounts can have a range of different privilege levels. Malicious actors understand that service accounts typically have higher privileges than normal user accounts, and often target these accounts […]