Adalanche gives instant results, showing you what permissions users and groups have in an Active Directory. It is useful for visualizing and exploring who can take over accounts, machines or the entire domain, and can be used to find and show misconfigurations.

Active Directory security is notoriously difficult. Small organizations generally have no idea what they’re doing, and way too many people are just added to Domain Admins. In large organizations you have a huge number of people with different needs, and they are delegated access to varying degrees of power in the AD. At some point in time, someone makes a mistake, and that can cost you dearly.

Download

Adalanche is an all-in-one binary – it collects information from Active Directory or from local Windows machines and can the analyze the collected data. If you’re only doing AD analysis, just grab the binary for your preferred platform. Later you can deploy the dedicated collector .exe for your Windows member machines via a GPO or other orchestration and get even more insight.

Download either the latest release or the build of the latest commit from Releases. Usually running with the latest commit is fine, but there might be a problem here and there. Releases are considered stable and are for the less adventurous.

Go here to download from GitHub 

NOTICE this tool should be used only if authorized.

Is it dangerous to run adalanche?

No, it is not. Running adalanche requires nothing more than a regular user account, and works by connecting to Active Directory services and querying (reading) data from the LDAP object store, and by reading files from the SYSVOL file share (optional). This data is available to all users, and is also what attackers use to do initial reconnaissance.

Learning objectives

• Introduction1 min
• What is PowerShell?4 min
• Exercise – Run your first PowerShell commands1 min
• Locate commands3 min
• Exercise – Locate commands2 min
• Knowledge check4 min
• Summary1 min

Other sites 

 1. PowerShell tutorial for beginners – https://lnkd.in/ezsh8qE6

2. Learn PowerShell in a month of lunches –https://lnkd.in/eDCN-av6

3. PowerShell.org’s YouTube – https://lnkd.in/eAs-zExH

I will be speaking at  ChannelPro SMB Forum: Los Angeles event, which will be held
November 2-3, 2022, at the Pacific Palms Resort. 

November 2nd

November 3rd

 

Mobile Passwords–Tricks
& Treats

The NCCoE Buzz: Mobile Security Edition is a recurring email on
timely topics in mobile device cybersecurity and privacy from the National
Cybersecurity Center of Excellence’s (NCCoE’s) Mobile Device Security project
team. 

 

With Halloween around the corner, the National Cybersecurity
Center of Excellence (NCCoE) wants to share a few “tricks” and tips for mobile
passwords that result in the “treat” of protecting your mobile device from
compromise. 

Potential Threats

Below is a list of several potential mobile password threats that
can impact you or your organization:

• Lost/Stolen
  Phone – If an unauthorized user
  obtains a lost or stolen mobile phone that has no password, they may have
  easy access to sensitive information on the device (e.g., messages,
  photos, or email)
• Brute-Force
  Attack – If a mobile phone has a weak
  password, a malicious attacker may be able to easily obtain the password
  and gain access to information on the mobile phone
• Phishing – If a password is captured by texting or emailing to
  convince a user or subscriber into thinking the attacker is a verifier or
  reliable party, the attacker can gain access to a user’s account(s) and
  access sensitive information

Password Protections

To protect against mobile password threats, here are a few tips:

1. Apply multi-factor authentication.

If a password is compromised, requiring a second factor for
authentication can help protect against threats such as phishing attacks. 

Multi-factor authentication can be any combination of the
following:

• Something you know – Password, pin, etc.
• Something you have – Authenticator app, hardware token, etc.
• Something you are – Biometrics (e.g., fingerprint or face recognition)

For example, if an attacker has acquired your password (something
you know) through a phishing attack, but your account requires a password +
your fingerprint (something you are) to grant access, then the attacker will
not be able to access your account because they do not have access to the
second factor.

2. Choose a password with a minimum length of 8 characters.

A common misconception is that complexity is the key to having a
strong password. NIST SP 800-63B highlights that complexity can actually make
it difficult for the user to remember their password and can deter them from
developing a strong memorable password.

Instead, 800-63B recommends creating a memorable password that is
at least 8 characters in length to help prevent against brute-force attacks,
while also ensuring the user can remember their password/pin/passphrase.

We hope these mobile password tricks and treats were helpful.

Additional Resources

More information about how to use and apply specific
authenticators can be found in NIST Special Publication 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management.

More information on how to protect against other potential mobile
threats can be found in NIST SP 1800-22 Mobile Device Security: Bring Your Own Device.

 

 On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol (TLP) 1.0 to
TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams
(FIRST) that organizations move to 2.0 by the end of 2022. TLP Version
2.0 brings the following key updates:

• TLP:CLEAR replaces TLP:WHITE for publicly releasable
  information.
• TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when
  information  may be shared with the recipient’s organization only.

CISA encourages all network defenders and partners to upgrade to TLP Version
2.0 to facilitate greater information sharing and collaboration. For more
information see:

• On
  Nov. 1, CISA Upgrades to Traffic Light Protocol 2.0 — Join Us! by
  Tom Millar, Cybersecurity Senior Advisor, CISA, and Co-chair of the FIRST
  TLP Special Interest Group (SIG)
• CISA.gov/TLP,
  which contains links to CISA’s TLP 2.0 User Guide and Fact Sheet
• FIRST.org/TLP

Back in August, the NCCoE Healthcare team released the final
project description Mitigating
Cybersecurity Risk in Telehealth Smart Home Integration.
This project’s goal is to provide health delivery organizations (HDOs) with
practical solutions for securing an ecosystem that incorporates consumer-owned
smart home devices into an HDO-managed telehealth solution.

Register now to hear an update from the NCCoE Healthcare team on
the following topics:

• The Smart Home Integration
  Project Description
• The Federal Register Notice
  (FRN) Status
• The NCCoE project approach and
  potential collaboration opportunities
• Next steps for the NCCoE
  Healthcare team

There will be 45 minutes of presentation and 15 minutes of Q&A
at the end of the webinar.

This event takes place at 2 PM today. The
event page includes details on the overview of the call as well as a link to
the registration page. If you have any questions, please email our team at hit_nccoe@nist.gov.

Event
Page

 The second public draft of NIST Special Publication (SP)
800-140Br1 (Revision 1), CMVP Security
Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and
ISO/IEC 19790 Annex B, is now available for public
comment.

The initial public draft introduced four significant changes to
NIST SP 800-140B:

1. Defines a more detailed
   structure and organization for the Security Policy
2. Captures Security Policy
   requirements that are defined outside of ISO/IEC 19790 and ISO/IEC 24759
3. Builds the Security Policy
   document as a combination of the subsection information
4. Generates the approved
   algorithm table based on lab/vendor selections from the algorithm tests

This second draft addresses the comments made on the initial
draft, including concerns with the structure of the Security Policy and the
process for creating it. Appendix B provides details on these changes.

The NIST SP 800-140x series supports Federal Information
Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules,
and its associated validation testing program, the Cryptographic Module
Validation Program (CMVP). The series specifies modifications to ISO/IEC 19790
Annexes and ISO/IEC 24759 as permitted by the validation authority.

The public comment period is open through December 5, 2022. See
the publication
details for instructions on submitting comments.

Read
More

 The public comment period has been extended for the initial public
draft of NIST Special Publication (SP) 800-66r2 (Revision 2), Implementing the
Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.
The new comment deadline
is October 5, 2022.

The HIPAA Security Rule specifically focuses on protecting the
confidentiality, integrity, and availability of electronic protected health
information (ePHI), as defined by the Security Rule. All HIPAA-regulated
entities must comply with the requirements of the Security Rule.

This draft:

• Includes a brief overview of
  the HIPAA Security Rule
• Provides guidance for regulated
  entities on assessing and managing risks to ePHI
• Identifies typical activities
  that a regulated entity might consider implementing as part of an
  information security program
• Lists additional resources that
  regulated entities may find useful in implementing the Security Rule

Please submit comments to sp800-66-comments@nist.gov through October 5, 2022.
See the publication
details for a copy of the draft and instructions for submitting
comments.

NOTE: A call for patent claims is included on page v of this
draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy –
Inclusion of Patents in ITL Publications.

Read
More

 Created in 2014, this collaborative event is cooperatively
developed, organized and sponsored by the leading information security industry
organizations and chapters, including NY Metro ISSA. The strength of
organizational membership, the provision of desirable CPE credits and the
concurrence of National Cyber Security Awareness Month, is always well-attended
by members of the information technology, information security, audit,
academic, and business communities.

Agenda is at InfoSecurity.NYC 

Register for free Infosecurity-NYC-2022.EventBrite.com