Yaron Zinar

Find me on:

Recent Posts

How to Stop NotPetya and Similar Ransomware from Spreading in the Network

Posted by Yaron Zinar on Jul 5, 2017 2:06:01 PM

NotPetya, a recent malware, masquerading as the known Petya ransomware started wreaking havoc at a world scale last week. Initially, it looked like another wave in the malware storm that started with Shadow Brokers’ publication of EternalBlue and other zero-day vulnerabilities in Windows OS. And, in fact, NotPetya used EternalBlue as one of the lateral movement methods in its arsenal. But, apparently, the developers of NotPetya wanted to hit some high-value targets and the risk that these networks had already been fully patched would have ruined their attack.

Read More

Topics: Adaptive Response, Credential Compromise, ueba, Ransomware

1 in 5 Enterprise Passwords Can Be Easily Compromised

Posted by Yaron Zinar on Jun 14, 2017 5:00:00 AM

Recently, the new draft of NIST guidelines was released and proposed a shift in password strategy from periodic changes with complexity requirements to use of a long "memorized secret.” Many organizations have forced regular password changes and password complexity but this has failed them.

Read More

Topics: CISO, Passwords

Real-time vs After the Fact: Pitfalls of Log-based Behavioral Threat Detection

Posted by Yaron Zinar on Apr 13, 2017 7:52:35 AM

It was recently published that Shadow Brokers, the group behind the Equation Group leak, are selling a new set of tools that have the ability to tamper with Windows event logs. What stood out to me is the inefficiency of security solutions that rely solely on logs for detecting threats. Implementing a security analytics or a UEBA product that relies on logs for detection of advanced cyber threats has advantages, but it is also risky.

Read More

Topics: APT, User and Entity Behavior Analytics, Threat Detection

Kerberos, NTLM and SAM: 3 Ways Attackers Can Crack Passwords

Posted by Yaron Zinar on Mar 23, 2017 9:25:12 AM

In a previous blog, we discussed the prevalence of weak passwords in the Enterprise. The fact of the matter is, once an attacker gains access to password challenges and exfiltrates them for offline cracking, they can crack them in most cases.

Read More

Topics: NTLM, kerberos, Passwords, SAM

Do Smart Cards Protect You From Credential Theft?

Posted by Yaron Zinar on Aug 11, 2016 7:07:18 AM

In recent years, the use of smart card widely increased as a secure form of authentication for a wide range of applications, ranging from mobile networks requiring a SIM card in mobile devices to credit card vendors making smart cards, the de facto standard for credit cards.

Read More

Topics: Smart Card, Active Directory