Posts by Guillaume Ross

0 min Incident Response

From the trenches: Breaches, Stories, Simple Security Solutions - from MacAdmins at PSU

Over the last few months, Jordan Rogers [/author/jordan-rogers] and I have been speaking about the benefits of doing the basics right in information security. Reducing noise, avoiding the waste of precious budget dollars on solutions that will not be used to their fullest, as well as improving the overall security of your enterprise are all goals that can be achieved with some of these simple tips. We presented a hybrid Mac/Windows version of this talk at the MacAdmins conference at PSU [http:

5 min Windows

Revoking and Pinning Certificate Authorities in Windows

Situations come up relatively frequently where a specific certificate authority, trusted by browsers and operating systems, acts in a way that the users of those products would consider untrustworthy. In the enterprise, with services exposed to the Internet and employees traveling, working from Wi-Fi and other insecure connections, this is also a very important issue, as the use of some of these less than tasteful certificates could lead to data (and credential!) interception. Fortunately, if

7 min Haxmas

12 Days of HaXmas: What Home Alone Can Teach About Active Defense

This post is the fourth in the series, "The 12 Days of HaXmas." As you venture from the world of defense, including protecting and monitoring systems, into the realm of active defense, who can be your mentor? Who can make you as cool as Frosty? Does anyone know enough about active defense to make a movie out of it? OF COURSE! Macaulay Culkin is the mentor you are looking for. More precisely, Kevin McCallister, from the Home Alone fra

12 min Apple

Reduced Annoyances and Increased Security on iOS 9: A Win Win!

Introduction Early this year, I posted an article [/2015/02/26/the-gif-guide-to-ios-security] on iOS Hardening that used animated GIFs to explain most of the recommended settings. Since then, iOS 9 was released, bringing along many new features, including better support for Two-Factor Authentication, as iMessage and FaceTime now work without the need for app-specific passwords, and as your trusted devices now automatically get trusted when you authentic

4 min Microsoft

Microsoft Attack Surface Analyzer (ASA): It's for defenders too!

Attack Surface Analyzer, a tool made by Microsoft and recommended in their Security Development Lifecycle Design Phase, is meant primarily for software developers to understand the additional attack surface their products add to Windows systems. As defenders, this tool can be very useful. The tool is meant to identify changes on a system that can have an impact on security, such as

9 min Windows

Reducing Windows Attack Surface with User Rights Assignment

As we know, attackers leverage legitimate credentials to move through systems, escalate privileges or get access to data. Managing privileged accounts such as administrator accounts, shared accounts and service accounts is a difficult problem to solve. Even if service account passwords are managed securely, they still remain at risk of being compromised through exploitation of services using them, lack of support for encrypted configuration files on some systems, pass-the-hash attacks, or the

2 min

Are you really protected against Group Policy Bypass and Remote Code Execution? MS15-011 & MS15-014

In February, Microsoft published two hotfixes to address issues with Group Policies. * Microsoft Security Bulletin MS15-011 - Critical * Microsoft Security Bulletin MS15-014 - Important Together, these patches address the following issues: * CVE-2015-0008 MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) | Rapid7 [h

5 min Apple

Top 10 list of iOS Security Configuration GIFs you can send your friends and relatives

Easily share these animated iOS Security tips with friends and relatives! While iOS is generally considered to be quite secure, a few configuration items can improve its security. Some changes have very little functionality impact, while others are more visible but probably only needed in specific environments. This guide contains some of the most important, obvious ones, and contains a GIF for each configuration step to be taken. If you already know everything about iOS security, use this a