SQL Server abuse

Attacks involving SQL Server can be difficult to respond to because SQL Server comes with vast array of tools for automation, scheduling, and data import…

Read more

APT32 / OceanLotus campaigns 2019

EV-0054, also known as APT32 or OceanLotus, has been running stealthy operations characterized by novel delivery mechanisms, unique first-level installation, persistence, backdoor implants, and command-and-control…

Read more

Disable 'Allow Basic authentication' for WinRM Client

Check whether the Windows Remote Management (WinRM) client uses Basic authentication. Option 1 - Set the following Group Policy: Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM…

Read more