Written by: Vikram Navali, Senior Technical Product Manager – During a Domain Controller (DC) promotion, administrators create a Directory Services Restore Mode (DSRM) local administrator account with a password that rarely changes. The DSRM account is an “Administrator” account used to log in to DSRM mode when the server boots, in order to restore AD backups or recover the server from a failure.
Authored by: Carolyn Crandall, Chief Deception Officer, Attivo Networks – Halloween is upon us once more, but as with most things, it looks a little different this year. While adults wrestle with the countless disruptions the COVID-19 pandemic has brought to their lives and businesses, children worldwide are grappling with the sad possibility that trick-or-treating may not be an option this year. Unfortunately, the pandemic has not similarly deterred cybercriminals. Cyberattacks are on the rise, with attackers leveraging widespread remote work and other consequences of the pandemic to ransack networks throughout the world.
As organizations increasingly utilize DevOps for software development and IT operations, DevOps environments have become a priority target for would-be cybercriminals. Throughout the development process, it is critical to continually assess whether attackers have injected malicious code into the environment, and the nature of DevOps development can make this a challenge. DevOps works according to …
Written by: Joe Carson, Sr. Director, Professional Services at Attivo Networks, Inc. – From time to time, I am asked to help a customer validate the efficacy of their deception implementation. This can be part of a pilot deployment, or after full operationalization. In many cases, organizations have some in-house resources for penetration testing and possibly even red team expertise. These resources are often leveraged to test product controls or test systems against a direct attack.