HyperQast EP4 – PT 2: Securing Active Directory to Disrupt Ransomware Attacks

HYPERQAST:  A TECHNOLOGY PODCAST.

Hosted by Craig Stevenson, alongside a bevy of subject-matter experts, they’re digging into topics from Cybersecurity to software development and everything in between!

 

EP4 – Part 2: Securing Active Directory to Disrupt Ransomware Attacks

What is Ransomware? And how does it move throughout an organization? Craig along with Derek Melber, the Chief Technology & Security Strategist at Tenable (who is also a 17 time Microsoft MVP, in both Active Directory and Group Policy) discuss what is Ransomware, its origins, then dive into the mind of an attacker and review the different stages of an attack and how Active Directory fits in.

HyperQast EP4 – PT 1: Active Directory Security: Historical Lessons and Today’s Issues

HYPERQAST:  A TECHNOLOGY PODCAST.

Hosted by Craig Stevenson, alongside a bevy of subject-matter experts, they’re digging into topics from Cybersecurity to software development and everything in between!

 

EP4 – Part 1: Active Directory Security: Historical Lessons and Today’s Issues

Active Directory (AD) has been a part of Windows Security since its release with Windows 2000 Server. Craig along with Derek Melber, the Chief Technology & Security Strategist at Tenable (who is also a 17 time Microsoft MVP, in both Active Directory and Group Policy) discuss the history of Active Directory, as well as the 5 must know AD security practices.

HyperQast EP3: Cyber Ranges & ZTEdge with Dr. Zero Trust

HYPERQAST:  A TECHNOLOGY PODCAST.

Hosted by Curious Craig (Craig Stevenson), alongside a bevy of subject-matter experts they’re digging into topics from Cybersecurity to software development and everything in between!

 

EP3: Cyber Ranges & ZTEdge with Dr. Zero Trust

Cyber Ranges are an important asset to leverage for a Zero Trust implementation.  ZTEdge is a Zero Trust cloud security platform that cuts complexity, reduces cyber-risk, and improves performance, at half the cost of other solutions. Curious Craig along with Dr. Zero Trust (Chase Cunningham) discuss the difficulties of building your own Cyber Range as well as how ZTEdge supports a Zero Trust implementation.

HyperQast EP2: The Business of Ransomware

HYPERQAST:  A TECHNOLOGY PODCAST.

Hosted by Curious Craig (Craig Stevenson), alongside a bevy of subject-matter experts they’re digging into topics from Cybersecurity to software development and everything in between!

 

EP2: The Business of Ransomware

Hacking is a business. A hacker’s goal is to monetize their unauthorized access to your system. The market has shown us that the best way to do that is through Ransomware. Curious Craig along with professional Penetration testers Miguel and John from BreachBits do a deep dive into the world of Ransomware.

HyperQast EP1: DLL Search Order Hijacking

INTRODUCING HYPERQAST:  A TECHNOLOGY PODCAST.

Hosted by Curious Craig (Craig Stevenson), alongside a bevy of subject-matter experts they’re digging into topics from Cybersecurity to software development and everything in between!

 

EP1: DLL Search Order Hijacking

What is it? How do hackers use it? How can you detect/stop it?  What happens immediately after a Hacker gains access to a computer?  Most people think that they just download some files or launch some ransomware and it’s over.  But the actual first steps are a little bit harder than that.  Suppose someone clicks on a malicious email and as a result has let a hacker onto their computer.  If the hacker does nothing and that user reboots their computer, the hacker no longer has access.  So the hackers first goal is to establish Persistence.  Straight from the Mitre ATT&CK framework, “Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access.”  One way to establish persistence is through a technique called DLL Search Order Hijacking.  But first a bit of background on what a DLL is and how Windows uses them.  

A DLL is a file that contains code and data that can be used by more than one program at the same time.  These files have a lot of advantages.  They allow programs to use fewer resources by avoiding duplication and they can increase security.  If you fix a security hole in a DLL then all the programs that use that DLL automatically get fixed as well.  When a windows program starts it searches for the DLL’s it needs by looking through directories on the hard drive in a specific order.  This is known as the DLL search order.  If you drop a malicious DLL in the right directory Windows will load it before finding the legitimate library. 

Our curious founder, Craig Stevenson, along with professional Penetration testers from BreachBits break down the steps of an attack and what role DLL Hijacking plays within that attack.