Many enterprise laptops use BitLocker to provide full disk encryption (FDE) to protect sensitive data from exposure if the laptop were stolen. But how adequate is the default implementation of BitLocker to protect data at rest in this scenario? The security of all encryption relies on protection of the key material. A common assumption is … Continue reading Wake up and Smell the BitLocker Keys
Introduction Today we will take a first look at malware-based attacks on ATMs in general, while future articles will go into more detail on the individual subtopics. ATMs have been robbed by criminal gangs around the world for decades. A successful approach since ~ 20 years is the use of highly flammable gas, which is … Continue reading Malware-based attacks on ATMs – A summary
This blog post will create a Sysmon archive quota through WMI event consumption to avoid storage exhaustion.
In a previous blogpost, we discussed the OS hardening baselines for Windows Server 2016 written in PowerShell DSC, which we made publicly available on the NVISO GitHub page. Using this, you can define your own hardening baseline to use within your own environment. Once a baseline is defined, we want to apply it to the … Continue reading Windows Hardening in the cloud with Azure Automation
Operating system hardening is the process of improving the security of a default OS installation to minimize the attack surface that can be exploited by an attacker. But doing this manually on each system that is deployed on-premise or in the cloud is a cumbersome task. It can lead to inconsistent security configurations because of … Continue reading Windows Server Hardening with PowerShell DSC
