NIST CSF 2.0 brings new content to broaden its audience and new tools to help ease implementation. By Jeffrey T. Lemmermann, CPA, CISA, CITP, CEH In 2013, the National Institute of Standards and Technology (NIST) began development on a program to help private-sector businesses better understand, manage and reduce cybersecurity risk. That effort, geared for […]
This is a follow-up blog post from our CypherCon 2024 presentation. The slides are located here: https://x.com/TheL0singEdge/status/1776101737461399780 Active Directory Certificate Services (AD CS) is a crucial component of many organizations' security infrastructure, responsible for public key infrastructure (PKI) and managing digital certificates. Despite its importance, AD CS can also be a target for various security […]
In part one of this series, we discussed the evolving landscape of cybersecurity and the roles artificial intelligence (AI) and machine learning (ML) play in the security space today. Here in part two, we discuss the advancements that have been made in AI and ML that strengthen cybersecurity and the challenges that come with implementing […]
Over the past 20-years, I’ve used every major vulnerability scanner. There are several great scanners on the market, and SynerComm has continually used one of them from its free GNU public license years (pre-Oct. 2005), to its current version today. As the tactics, techniques, and procedures (TTP) of cyber-criminals evolved, our testing methodologies also adapted […]
With the help of artificial intelligence (AI) and machine learning (ML), cybercriminals are creating novel, sophisticated threats more frequently and with fewer resources than ever before. These threats are increasingly difficult to detect using signature-based analysis methods and continue to wreak havoc across the digital business landscape. In 2023, the global average cost of a […]
Understanding the various methods and Tactics, Techniques and Procedures (TTP's) by which attackers gain initial access to systems is crucial for developing robust defense mechanisms. Initial access represents the first phase of an intrusion, where threat actors initially breach a target's defenses to establish a foothold within an organization's network. This blog series aims to […]
Are you looking for a pentest? A continuous pentest? Or maybe attack surface management? We’ll never have a shortage of new terminology (and acronyms) to learn and understand. When evaluating security vendors and comparing their solutions, it’s critical that everyone is on the same page and speaking the same language. This article starts to shed […]
One of the popular methods for dumping LSASS is using the procdump.exe program from the Sysinternals Suite. Something like: However, Microsoft is well aware of this method, and it is being tracked along with several other common methods and tools. Now procdump is legitimate software with many use cases and it is signed by Microsoft. […]
The recent 20th Anniversary of IT Summit was an eye-opener for tech enthusiasts, security professionals, and business leaders alike. This annual two-day event brings together IT leaders from across the country to learn about the latest strategies and challenges in the infrastructure, data center, and InfoSec communities. This year’s discussions revolved around the evolving landscape […]
