Trimarc Newsletter: April 2023


As the old saying goes “April showers bring new Threat Actor attacks, vendor webinars, and tool updates.” Later in 1867, the phrase shortened to “April showers bring May flowers” but the sentiment is still there. We’ve got lots to tell you about virtual security this month including our upcoming Trimarc Webinar on vSphere & AD security. If you’re coming to BSides Charm, come say hello at the Trimarc booth.



How many Directory Forests exist in the average enterprise? Is there even such a thing as “average”? Maybe it’s one, maybe it’s hundreds. It’s possible you don’t even know. (If you’ve seen what we’ve seen with Mergers and Acquisitions, you know what we’re talking about.)

Enter Trimarc Vision.

What is Vision?

Trimarc Vision is a security posture analysis product that provides visibility into the most important security components of Active Directory. From one to hundreds of Active Directory forests, Vision provides at-a-glance insight into prioritized security issues globally.

What does Vision do?

Vision answers the question: “What is the current security posture status of all my Active Directory forests?”

  • Leveraging Trimarc’s collective deep security knowledge in the Microsoft identity space, Vision's dashboard enables rapid identification of critical issues across every organization AD forest in a single console, enabling us to surface security issues based on Active Directory configuration issues.
  • Vision enables organizations to better identify security issues across all Active Directory forests and enables them to reduce real-world risk more effectively. There is a lot of benefit for a single AD forest as well since it provides an overview of the environment along with the key issues and Trimarc Risk Score.

How is Vision different from other products?

The biggest differentiator for Vision is that it was designed to provide a single view into security risk across Active Directory forests. This provides the opportunity to leverage Vision for objective security posture comparison of any two forests. You can also compare the results and risk score of that environment with a forest in yours.

How do I get my hands on it?

Vision is currently in Preview Mode. If you’re interested and would like to be placed on our waitlist, head over to TrimarcVision.com and fill out the form.

"I am really excited about Vision as I feel that it will solve some of the very real challenges every organization with Active Directory experiences."


- Sean Metcalf, Founder & CTO, Trimarc Security




We asked Scott Blake, Director of Services for Trimarc Security, “What’s a blind spot most companies have but often miss?”

Active Directory Certificate Services (ADCS) continues to be a glaring security blind spot in a majority of organizations Trimarc assesses. In many cases low privileged users are one malicious step away from granting themselves full rights to the environment. There are quite a few factors to consider when it comes to ADCS administration (and how it was previously administered) which complicate matters and make it difficult to know all the potential compromise pathways. Not to mention ADCS auditing, yes there's more auditing to consider, is rarely deployed which means most organizations would not be alerted to nefarious activity. Luckily, Trimarc has incorporated all the necessary checks into the Active Directory Security Assessment to ensure your ADCS environment is properly protected.



Recent news in the world of Identity Security:

By popular demand: Windows LAPS available now! - Microsoft Community Hub


On April 11, 2023, new LAPS capabilities were released with security updates for the following Microsoft products.

  • Windows 11 Pro, EDU, and Enterprise
  • Windows 10 Pro, EDU, and Enterprise
  • Windows Server 2022 and Windows Server Core 2022
  • Windows Server 2019

MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog


Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the ultimate goals of the operation.

Updates on the 3CX breach

3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor (darkreading.com)

“The threat actor — believed to be the Lazarus Group — that recently compromised 3CX's VoIP desktop application to distribute information-stealing software to the company's customers has also dropped a second-stage backdoor on systems belonging to a small number of them.”

CVE-2023-28252 – CLFS

This CVE is a vulnerability in the Windows Common Log File System (CLFS) that allows attackers to gain SYSTEM privileges on target machines. It affects ALL supported Windows server and client versions. Its low complexity and ability to execute without user interaction make this even more severe.



Trimarc Webinar

Saving The Marriage: Easy Wins so vSphere and Active Directory Can Live Happily Ever After.


The nature of virtual security as it stands today is that rather than decreasing tech debt and staying on the bleeding edge of secure virtualization, too often enterprises are just trying to outrun the bugs of old standards. Virtualization security today is where Active Directory security was a decade ago, making easy mistakes AD had long ago already improved upon in their development lifecycle. This webinar will provide practical solutions to help security professionals and CTOs protect their virtual infrastructure against potential threats.

This doesn’t have to be hard. At least, not every aspect of securing vSphere must be a herculean lift. There are easy wins you can achieve, right now or in the near term, to finally gain some ground on the bugs, and Demetrios Mustakas, Technical Director of the Trimarc Virtual Security Team, is going to help you get there.

Click here to register!

Conferences

Trimarc returns as a sponsor for one of our favorite conferences, BSides Charm, April 29th and 30th. Stop by the Trimarc booth to get details on our service offerings and get a peek at our newest product currently in Preview, Trimarc Vision. Also, you can take part in the Trimarc Crypto Challenge, both on site and remotely by visiting Challenge.TrimarcSecurity.com.

Trimarc returns to the Emerald Isle as a Silver Sponsor for BSides Dublin, May 27th, 2023. Trimarc founder and CTO Sean Metcalf will be there along with Trimarc Offensive Security Lead and co-host of Security Weekly, Tyler Robinson.

Trimarc Publications

VMware vSphere Trust Authority: Strengthening Security and Compliance for Virtual Infrastructure

In this blog we will explore how vSphere Trust Authority works, the areas of security it improves, the deployment use cases of vSphere Trust Authority, and supporting examples to help both technical security and executive decision makers understand how it can strengthen their virtual infrastructure.

Author: Demetrios Mustakas, Technical Director, Trimarc Virtual Security Team

Locksmith Update

Jake Hildreth, Senior Security Consultant for Trimarc Identity Services, recently released an update to his Locksmith tool, a tool you can use to identify and remediate common misconfigurations in Active Directory Certificate Services. This update has the capability to check for ESC8, one of several escalation paths with Active Directory Certificate Services (ADCS).


You can download Locksmith here.

Trimarc Media

Podcasts

Trimarc Founder and CTO Sean Metcalf is now a cohost on the Enterprise Security Weekly podcast, part of the greater Security Weekly crew. Check out Sean’s latest episodes here.

Trimarc now hosts our own Happy Hour 1-hour Twitch stream, live, every Friday at 2pm ET on Twitch.TV/TrimarcSecurity. If you don’t have the cycles to watch a full video stream live, you can catch past episodes on:



Service Spotlight:

Virtual

Trimarc Virtual Infrastructure Security Assessment (VISA)

We asked Demetrios Mustakas, Technical Director for the Trimarc Virtual Security Team, if you could pinpoint a specific problem with how enterprises utilized virtual infrastructure, what would it be?

“Tech Debt. Every aspect of the enterprise has it. It’s just the nature of virtual security as it stands today. As more companies rely on virtualization technology for their IT operations, the risk of cyber-attacks targeting these systems also increases. With that uptick in targeting, there has been a shift towards implementing stronger security measures to protect data and prevent unauthorized access. Our goal with the VISA is to help facilitate practical solutions to help security professionals and CTOs protect their virtual infrastructure against potential threats.

VMware has responded to these concerns by introducing new security features and enhancements, including virtualization-based security (VBS), VM encryption and secure boot. As virtualization technology continues to evolve, security will remain a top priority for VMware and its users, with ongoing efforts to improve and enhance the security of vSphere. On June 15th, I’ll be giving a whole webinar about all of this as well as easy wins to secure virtual infrastructure. Tell your friends!”

Interested in a VISA? Get in touch with us!

Other Trimarc Services:

Cloud

Microsoft Cloud Security Assessment:

It can't rain all the time.

The MCSA identifies issues in your Azure AD & Microsoft Office 365 tenant that attackers could leverage to access data, escalate permissions, and persist.

Active Directory

Active Directory Security Assessment:

We are the Active Directory Security experts.

We identify multiple potential AD escalation paths and provide recommendations that are actionable, prioritized, & customized. Our recommendations can be implemented quickly (and phased in over time) to effectively mitigate your risks.

Attacker Tactics

Enterprise Security Posture

Purple Team, reimagined.

How resilient is your environment against threats like ransomware? It’s okay if you don’t know, many aren’t aware of the holes in the armor. We leverage our collective expertise in offensive and defensive disciplines to identify strategic security risks impacting our customers.

Interested in talking to the Trimarc technical team about our security assessment services? Please reach out to us here.

Click Here To Contact Us!

