As a global cybersecurity company, we’re proud to be at the forefront of protecting organizations and our society against cyber threats. Our purpose has been clear since day one: Creating safety and sustainability in a digital world by preventing cyber breach and minimizing impact.
It’s what we achieve together as a team that sets us apart. We work tirelessly every day to help you defend your most valuable data assets. Our team consists of cyber specialists covering the full spectrum of cybersecurity, each of us contributing with our unique expertise, willingness to make a difference, and a genuine wish to help. Our shared knowledge and a strong sense of purpose give us a leading edge in our quest to fight cybercrime.
A medical body area network inside you enables unknown others to remote control your ability to urinate. Beware of advances in technology. Discussions about the dangers of medical body area networks aught to be at the top of the political agenda worldwide. They are enslavement technologies.
I think it's important to also note, that in a live environment - You can't just switch service accounts around. As there are dependencies. A Service Account is often used across of servers, which would after tiering be divided into Tier 0 and Tier 1. I like the overall idea here, it's something i implement myself and having a nice script to help is top notch! Though i must say in a operational structure, where u can't just go offline on servers etc, you need to analyze each server for URA (User Right Assignments) And figure out, if you break service accounts after GPO's are applied. Thanks for the video :)
Tier 0 = Domain Controllers, PKI, ADFS, SCCM, SCOM, Exchange IDM/IAM, AAD Connect/Sync server, Backup and hypervisors. Tier 1 servers could be the rest of your server infrastructur. E.g., som SQL Servers, fileservers etc.
First, source Hummingbird, Mocha, PCOMM, or Rumba (terminal emus). Next, become acquainted with ISPF, SUPERSESSION, and TSO. Then learn about RACF and/or TopSecret. Also, not all z/OS mainframes are running UNIX System Services.
Comment section: if you simply obtained the script and applied the configs to your sandbox environment, your knowledge and skills will only suffer. Recreate the commands by slowly scrubbing through the video if you want to enhance your understanding. There are no shortcuts. Or just search online.
Basically you went through all of the work of setting up a tiering system only to revert back to the classic "Domain Admin has access to everything" model. The point of tiering is to segment administrative access and not expose privileged accounts more than needed. You exposed the T0 accounts to risk by allowing them to log on to a potentially compromised workstation in an upper tier. Baaaaaad!
You should not allow T0 accounts access to anything outside of T0. Any admin of T1 assets should be using a T1 only account. This is directly from the Microsoft DART Team
Thanks for showing precisely how not to hack a RACF system. There are standard and simple controls against all those efforts. That you don't know the huge difference between SPECIAL and OPERATIONS says it all.
Hi Micke I cannot find this Truesec Reactor github page unfortunately. Will the files be avaliable later on maybe? I would like to try yourt script. Thanks
Great explanation, but.. Moving servers, drag n drop?! What is the expected impact on the working of the server? What happens when I move my DC’s to the tier 0 folder?
Visibility of IoT devices is a problem. EDR can help by checking all traffic from all devices, even from unknown unmanaged IoT devices and keep an eye on what’s happening in your network.
Awesome video gentlemen....I could also speak on red teaming and adversary emulation for weeks non-stop. Love the notion of threat based emulation as it reduces the threat surface to the most likely attacks and thus is far more efficient!
