Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet

Category:  Detection/Reduction/Prevention Overview Remote Desktop Protocol (RDP) is how users of Microsoft Windows systems can get a remote desktop on systems remotely to manage one or more workstations and/or servers.  With the increase of organizations opting for remote work, so to has RDP usage over the internet increased. However, RDP was not initially designed with the … Continue reading Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet

Detecting and Hunting for the PetitPotam NTLM Relay Attack

Overview During the week of July 19th, 2021, information security researchers published a proof of concept tool named “PetitPotam” that exploits a flaw in Microsoft Windows Active Directory Certificate Servers with an NTLM relay attack.  The flaw allows an attacker to gain administrative privileges of an Active Directory Certificate Server once on the network with … Continue reading Detecting and Hunting for the PetitPotam NTLM Relay Attack

Disabling Office Macros to Reduce Malware Infections

Category:  Reduction/Prevention Overview Document macros have gone in and out of style since 1995 as a deployment method for malware. Netskope’s latest ‘Cloud and Threat Report: July 2021 Edition’ points out that in Q2 of 2021, Microsoft Office macros accounted for 43% of malicious Office document downloads, compared to just 20% at the beginning of … Continue reading Disabling Office Macros to Reduce Malware Infections

Detecting and Hunting for the Malicious NetFilter Driver

Category:  Detection and Threat Hunting Overview During the week of June 21st, 2021, information security researchers from G Data discovered that a driver for Microsoft Windows named “netfilter.sys” had a backdoor added by a 3rd party that Microsoft then signed as a part of the Microsoft OEM program.  The malicious file is installed on a … Continue reading Detecting and Hunting for the Malicious NetFilter Driver