EDR: Is it worth it?

When working with smaller businesses, sometimes we’re asked whether Endpoint Detection and Response solutions are worth the money, over and above traditional anti-virus.  Much of the time, EDR is used in large enterprises in conjunction with a sizeable technical team of experienced professionals who engage in active response and threat hunting as their full-time job.  It can be difficult for smaller businesses to see where EDR might fit in.


Nessus Scanning with SSH Proxies

Unfortunately, Nessus does not support SSH proxying. This is a problem when scanning remote hosts behind a bastion box, especially when firewall rules make it impossible to bind or connect to a new port on the bastion box. Binding a port to localhost and pointing Nessus to it is also not an option, as Nessus handles scanning localhost in a different way and will report issues with the scanning box itself.

In a pinch, it is possible to hack around this problem by tricking the Nessus scanner into thinking it’s scanning the remote host when it is in fact connecting via a port bound to localhost. Iptables to the rescue…

COVID-19 Update

The impact of the COVID-19 outbreak on Cyberis’ ability to deliver services is currently minimal. We have always promoted a flexible working culture, with many of our consultants working from home on a regular basis.

Online Password Auditing of a Domain Controller

Password auditing of a domain traditionally involves obtaining a copy of the ntds.dit and performing some offline analysis, which can be time-consuming. The DSInternals PowerShell Module has an Active Directory password auditing cmdlet which performs checks for default, duplicate, empty and weak passwords. The audit can be performed against a domain online via DCSync, saving the need to obtain a copy of the ntds.dit. This can be of benefit if regular password audits are being performed.

Install DSInternals as an administrator by using: