Avi Kama

Recent Posts

Preempt Inspector Discovers Stealthy Admins to Help Organizations Reduce Risk

Posted by Avi Kama on Nov 10, 2017 9:18:41 AM

This past March we announced Preempt Inspector, a free app for password strength assessment. The app provided administrators with a better understanding of their AD configuration, especially difficult-to-estimate parameters such as duplicate and weak passwords. We analyzed the anonymous data we received from the app and found some worrying trends, such as that 1 in 5 enterprise passwords can be easily compromised.

Topics: Passwords, Risk, Stealthy Admin, Active Directory

How the CIA Twists the APT Kill Chain to Avoid Detection

Posted by Avi Kama on Apr 4, 2017 8:01:00 AM

A couple of weeks ago, in my blog on Improving Hacking Techniques Used by the CIA, I talked about how DLL hijacking could be done more easily. In looking further at the CIA documents, I found an interesting twist that the CIA is taking on the APT kill chain. The APT kill chain is a well-accepted description of the way APTs are operated. The chain contains 7 stages (as described on Wikipedia):

Topics: CIA, APT, Preempt Research Team

Improving Hacking Techniques Used by the CIA - DLL Proxy Made Easy

Posted by Avi Kama on Mar 16, 2017 11:59:45 AM

Just like the rest of the world, I’ve been fascinated by the CIA documents released by WikiLeaks (aka the Vault 7 release). The more you read about the way the CIA operates, the more it feels like there’s little anyone can do.

Topics: Preempt Research Team, Hacking, CIA

Are Local Administrator Passwords a Security Risk In Your Organization?

Posted by Avi Kama on Feb 24, 2017 12:32:58 PM

On every Windows machine, you will find there is a local administrator user, usually descriptively named “Administrator.” This user exists by default. It is there because the machine requires at least one administrator when it is first installed. For the most part, machines in an organization are managed by the domain administrator (once the machine is added to the domain, the domain administrator is also an administrator for that machine), and the local administrator is used in times of “crisis” - when there’s no network access, but physical access is available.

Topics: Passwords, Privileged Users, User Risk

Taming ProjectSauron’s Evil Eye From Compromising Domain Controllers

Posted by Avi Kama on Aug 18, 2016 10:58:46 AM

In the past few days we all learned of the latest advanced cyber espionage spyware, ProjectSauron. An in-depth analysis published by Kaspersky Lab found it to be one of the most advanced pieces of cyber-warfare malware ever made. The malware was named ProjectSauron after a reference to the evil dark lord of Lord of the Rings was found embedded in the code.

Topics: Domain Controller, APT, User and Entity Behavior Analytics, ProjectSauron

Disrupting an Attacker from Exploiting Domain Credentials

Posted by Avi Kama on Jul 20, 2016 9:57:42 AM

We security professionals are constantly reading over and over: Time is not on our side. The recent Verizon DBIR 2016 report illustrates how quickly threat actors go in and out of networks. There are many other similar security data reports that list the possible reasons and detach responsibility, which ultimately means “all we can do is our best.”

Topics: APT, User Behavior, Credential Compromise