Showing posts from July, 2022

Work Notes 7/18/22

Credentialed Vulnerability Scans

Should a vulnerability scan run as part of a security assessment be credentialed or uncredentialed? The trade-offs of a credentialed scan:

Pros:
- Will find more vulnerabilities.
- Finds vulnerabilities that are not only network attack paths (browser insecurity, OS patch levels, etc.).
- Required by the CIS Controls.
- Pretty easy if you are using an agent-based scanner.

Cons:
- Takes a decent amount of work to set up. It can also be quite difficult if some or all devices are not tied to AD, an RMM, or another type of central management.
- Creates another potential attack path if you are performing the scan over the network and not with an agent: if you can perform the scan, so can the attackers. Loose admin accounts are also a problem, and you'll have to remember to roll back these changes when you're not actively scanning.
- Doesn't mimic an attacker scanning your network. If the attackers have admin credentials, they don't need to scan much.
- Agent-based scanning is expensive for small and medium business...

Work Notes 7/12/22

RedAlert Ransomware #2

My shift will be over by the time this happens, but I will be able to analyze a RedAlert decrypter tomorrow to see what I can see. While their ransom note and web page indicate they accept Monero only, we discovered that this group will accept BTC if you request it.

Shady Webinar

I signed up for a webinar from a well-known security vendor. Once I put in my name, the form auto-filled a phone number that I haven't used in about 10 years and haven't associated with my current employer at all. I suppose the takeaway is that security vendors employ shady marketing tactics just like everyone else?

Active Directory Pentesting Mindmap

I found this on Twitter as a nice cheatsheet to use.

Work Notes 7/11/22

RedAlert Ransomware

On Friday, a new client reached out to us after they got hit with the new ransomware strain RedAlert. We will possibly get our hands on some sample encrypted files over the next 24 hours to play around with.

Caffeinate

I have been working on getting some files from a Mac M1 laptop for forensic reasons, but having trouble completing a remote capture. But today I learned about the caffeinate command. This little tool with a -s flag will do the trick.
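As an added example (not from the post), here is how I would wrap a long-running remote capture in caffeinate so the Mac does not sleep partway through. One caveat worth knowing before relying on -s: per the caffeinate man page, the -s assertion only holds while the machine is on AC power, so the helper checks pmset and warns if the laptop is on battery. The capture command and the paths in the usage comment are hypothetical placeholders; nothing here is the author's own script.

```sh
#!/bin/sh
# Added example: keep a Mac awake for the duration of a forensic capture.
# Wraps whatever command you pass in `caffeinate` and warns when the -s
# assertion will not hold (macOS only honors -s on AC power).

# Returns 0 when pmset reports AC power, 1 otherwise (including non-macOS).
on_ac_power() {
  command -v pmset >/dev/null 2>&1 || return 1
  pmset -g batt 2>/dev/null | grep -q "AC Power"
}

# Build the exact caffeinate invocation run_awake will use (handy for logging).
# -s  block system sleep (AC power only)
# -i  block idle sleep
# -m  block disk idle sleep
# -d  (display sleep) is deliberately left out; a lit screen is not needed.
awake_cmd() {
  printf '%s' "caffeinate -s -i -m -- $*"
}

# Run the capture under caffeinate. Returns 127 when caffeinate is absent
# (i.e. not macOS) so a wrapper script can tell that apart from a capture error.
run_awake() {
  if ! command -v caffeinate >/dev/null 2>&1; then
    echo "caffeinate not found; this helper is for macOS" >&2
    return 127
  fi
  if ! on_ac_power; then
    echo "warning: not on AC power, caffeinate -s will not block system sleep; plug in first" >&2
  fi
  # Hypothetical usage; stdout passes straight through caffeinate, so piping works:
  #   run_awake dd if=/dev/rdisk0 bs=1m | ssh analyst@collector 'cat > /evidence/mac.raw'
  caffeinate -s -i -m -- "$@"
}
```

Because caffeinate only holds its assertions while the child process is alive, the capture command must be the thing caffeinate launches; starting caffeinate in a separate terminal and then kicking off the capture elsewhere is the common mistake.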