Addressing Critical ZeroLogon Vulnerability CVE-2020-1472

Chiyo Odika | AZURE, Security

The ZeroLogon vulnerability is a privilege elevation vulnerability that exists when an attacker establishes a vulnerable NetLogon secure channel connection to a Microsoft Windows Server Domain Controller. This allows the attacker to perform a NetLogon authentication bypass attack which, simply put, can enable an attacker to obtain domain admin access, take over an organization's domain, and effectively disrupt the organization's operations, for instance through ransomware payload installation. This zero-day vulnerability was discovered by the security firm Secura, and Microsoft has recently confirmed that it is being actively exploited in the wild. Secura has released PoC code on their GitHub that allows exploitation of this vulnerability, and its use and deployment are quite intuitive. If the increasing discoveries of …


Zero Trust and the Azure Firewall service

Chiyo Odika | AZURE

I'm a proponent of zero trust for enhancing network-level security and access control for your Azure resources. The idea is to demarcate your high-security deployments from the internet using a perimeter network, aka a DMZ. This lets you focus your network access control, logging, monitoring, and alert/event management workflow integration on your edge devices, not as a stand-alone solution, but as part of an overarching solution for access control and oversight at the network layer. Think of NSGs/ASGs (in the Microsoft cloud) as fitting somewhere into this picture, and let's not overlook identity and the role it plays as a pillar of security, but that's a topic for another day. Now with that said, most enterprises …


Making the move to Azure Security Center and Azure Sentinel

Chiyo Odika | AZURE

This article is not intended as a technical deep-dive into the Azure Security Center (ASC) and Sentinel solutions from Microsoft; there are plenty of instructive docs on these from Microsoft. I intend for this article simply to serve as a reminder for OMS Security and Compliance clients to make the switch to Azure Security Center and to explore the Sentinel SIEM solution, which is currently in preview and free. The Security and Compliance solution reaches EOL at the end of July 2019. Recall the security event log filtering feature that determined the SecurityEvent table data in your Log Analytics workspace, and that lived somewhere in the erstwhile OMS Security & Audit UI? Well, it has wound up in Azure Security Center. …
