Got a friend that received the following mail 8 or 9 times in his inbox and he wondered if I would take a look at it. How can I say no? The mail looked like this: It has been some time since I last reversed something so I taught it would be fun just to […]
Posts tagged security
Microsoft Advanced Threat Analytics – My best practices
I thought I would write this blogpost to describe what I think is best practices in terms of installation of Microsoft Advanced Threat Analytics. The product is meant to reveal advanced attacks in your infrastructure. It is therefore important to understand that you should assume breach when installing this product. This could be a little […]
Going Secure
Since Digicert.com provides free certificates to MVPs, we have added a SSL certificate to our blog and switched to HTTPS on all our traffic. Thank you so much Digicert. This will make sure that all traffic to and from our blog is encrypted. Google has announced that they will use https as a ranking signal […]
Legacy Protocols and Ciphers – Let’s disable them!
Since there has been a lot of writing in Norwegian media about Norwegian Government pages that still uses old protocols and ciphers, I decided to post a PowerShell script I use when I setup Windows Servers in order to disable the old protocols and ciphers. NRK has written in detail how they conducted their research here […]
New macro security setting in Office 2016
Microsoft has announced (https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/) that there is a new group policy setting in macro security that blocks macros from files that arrives from Internet. If there is one setting you should implement in your organization, it is this one. This setting will make attacks through attachments in emails much harder. Microsoft’s Office 365 Advanced Threat […]
AppLocker video (Norwegian)
I just created a video about AppLocker and how it can make companies more secure. The video is in Norwegian (Sorry to our english readers). My goal with the video is to get companies to focus more on client security. Two days ago we could read about a hospital in Hollywood that was taken offline […]
Our session compared with NSA’s Nation-State hackers session
If there is one session about security I really think you should watch, it is definitely Rob Joyce’s talk at USENIX. Rob Joyce leads the NSAs Tailed Access Operations. They are often referred to as Nation-State hackers. His session is about tips on how to prevent or make it more difficult for Nation-State Hackers to get […]
Did you remember to secure your clients?
This might come as a shocker to you (irony), but cyber-criminals use e-mail to attack your users. I feel that client security is something that is often overlooked and IT-pros tend to focus on securing the servers rather than focusing on what is possible to do from the clients within the company network. If you […]