Avi Kama

Recent Posts

Local Admin Passwords: The Hidden Security Risk

Posted by Avi Kama on Jul 16, 2019 11:33:00 AM

You’re a good administrator, and you don’t take shortcuts. You adhere to information security best practices whenever possible, and you take that responsibility seriously.

With that said, a hidden setting in a Windows 10 implementation scenario might result in a precarious setup – one in which every computer in your network can be accessed with the same password. In other words, a hacker would only need to steal a single credential in order to obtain the keys to your entire kingdom. Due to an upcoming change in the Windows platform, there’s a good chance that this could happen to you – here’s how to avoid it.

Topics: User Risk, Privileged Users, Passwords, Microsoft

Disrupting an Attacker from Exploiting Domain Credentials

Posted by Avi Kama on May 28, 2019 8:28:00 AM

Security professionals often feel they don’t have enough time to keep up with modern threats. In fact, CrowdStrike researchers have found that top threat actors can go in and out of networks in a matter of minutes. Although other similar security research reports list all the ways threat actors can breach a network, they rarely offer a viable solution to combat these risks and often just resign us all to a “we can only do our best” mentality.

I disagree. While I feel that “doing our best” is sufficient for an elementary school project, it’s not the right mentality for an enterprise security team. We as security professionals should strive to be excellent. In order to get there, let’s review some common attack patterns and discuss the best ways to disrupt an attacker’s plan.

Topics: User Behavior, APT, Credential Compromise

How the CIA Twists the APT Kill Chain to Avoid Detection

Posted by Avi Kama on Apr 4, 2017 8:01:00 AM

A couple of weeks ago, in my blog on Improving Hacking Techniques Used by the CIA, I talked about how DLL hijacking could be made easier. Looking further at the CIA documents, I found an interesting twist that the CIA is taking on the APT kill chain. The APT kill chain is a well-accepted description of the way APTs are operated. The chain contains 7 stages (as described on Wikipedia):

Topics: APT, Preempt Research Team, CIA

Improving Hacking Techniques Used by the CIA - DLL Proxy Made Easy

Posted by Avi Kama on Mar 16, 2017 11:59:45 AM

Just like the rest of the world, I’ve been fascinated by the CIA documents released by WikiLeaks (aka the Vault 7 release). The more you read about the way the CIA operates, the more it feels like there’s little anyone can do.

Topics: Preempt Research Team, Hacking, CIA