As a Cyber Security company, we have (a LOT of) experience with different EDR systems. To maximize our clients’ security profiles, we implement our tried-and-true best practice policies and configuration settings.
One of our clients, a financial corporation, was using CrowdStrike for their EDR protection.
We noticed unusual activity involving Nmap, a network scanning and host discovery tool, so we decided to implement a detection rule to strengthen their endpoint protection posture.
Not long after implementing the Nmap rule, we were alerted that an IT manager's account was scanning the network with Nmap on a Friday night – a time it was definitely not supposed to be active!
While Nmap is a known tool we use to scan the network, it can be used for malicious activity as well. In this case, one of the helpdesk computers was being used without permission.
After some research, we found that one of the Helpdesk team members had accessed his manager's credentials and used them to perform the scanning activity.
As a result of this proactive approach, we ensured all data remained intact and the guilty party’s credentials were removed while management investigated his intentions.
Are you using Nmap to scan your network? If you’re not sure, it is a good time to detect it.
Wondering how to get this done? Take a look!
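The detection logic described in this story, as an added example that is not the company's CrowdStrike rule: it flags every Nmap execution in endpoint process events and escalates runs that happen outside the expected scanning window or from a host that is not the account owner's own machine. The JSON event format, the allowed hours and the user-to-host mapping are assumptions, and the sample events are constructed.

```python
import json
from datetime import datetime

# Assumptions (not from the original post): the EDR exports one JSON process
# event per line with timestamp/host/user/image/cmdline fields, scanning is
# expected only on weekdays 08:00-17:59, and each approved scanner has a home host.
NMAP_IMAGES = {"nmap", "nmap.exe", "zenmap", "zenmap.exe"}  # zenmap is Nmap's GUI
ALLOWED_WEEKDAYS = range(0, 5)   # Monday..Friday
ALLOWED_HOURS = range(8, 18)     # 08:00 through 17:59 local time
EXPECTED_HOSTS = {"admin1": "ADMIN-PC", "it.manager": "MGR-LAPTOP"}  # constructed

def is_nmap(event):
    """True if the process image file name (any path, any case) is an Nmap binary."""
    image = event.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    return image in NMAP_IMAGES

def classify(event):
    """Reasons an Nmap run is suspicious; [] if it is expected; None if not Nmap."""
    if not is_nmap(event):
        return None
    reasons = []
    ts = datetime.fromisoformat(event["timestamp"])
    if ts.weekday() not in ALLOWED_WEEKDAYS or ts.hour not in ALLOWED_HOURS:
        reasons.append("off_hours")
    if EXPECTED_HOSTS.get(event["user"]) != event["host"]:
        reasons.append("unexpected_host")  # account used from someone else's machine
    return reasons

def triage(lines):
    """Parse event lines; return (user, host, reasons, cmdline) for every Nmap run."""
    hits = []
    for line in lines:
        event = json.loads(line)
        reasons = classify(event)
        if reasons is not None:
            hits.append((event["user"], event["host"], reasons, event["cmdline"]))
    return hits

# Constructed sample telemetry: a weekday scan by an approved admin, a Friday-night
# scan from a helpdesk workstation under the IT manager's account, and a non-Nmap event.
SAMPLE_EVENTS = [
    '{"timestamp": "2023-03-08T10:15:00", "host": "ADMIN-PC", "user": "admin1", '
    '"image": "C:\\\\Tools\\\\nmap.exe", "cmdline": "nmap -sn 10.0.0.0/24"}',
    '{"timestamp": "2023-03-10T22:40:00", "host": "HELPDESK-03", "user": "it.manager", '
    '"image": "C:\\\\Tools\\\\nmap.exe", "cmdline": "nmap 10.0.0.0/24"}',
    '{"timestamp": "2023-03-10T22:41:00", "host": "HELPDESK-03", "user": "it.manager", '
    '"image": "C:\\\\Windows\\\\notepad.exe", "cmdline": "notepad.exe"}',
]

if __name__ == "__main__":
    for user, host, reasons, cmdline in triage(SAMPLE_EVENTS):
        print("ALERT" if reasons else "ok", user, host, reasons, cmdline)
```

Only the Friday-night run from the helpdesk workstation comes back with reasons, so the weekday scan by the approved admin is logged but not escalated.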