7MS #303: Evaluating Endpoint Protection Solutions
7 Minute Security29 Maalis 2018

7MS #303: Evaluating Endpoint Protection Solutions

I'm working on a fun project right now where I'm evaluating endpoint protection solutions for a client. They're faced with a choice of either refreshing endpoints to the latest gen of their current product, or doing a rip and replace with something else.

I've spun up a standalone AD environment with ~5 Win 10 VMs and nothing on 'em except a current set of patches. The idea is I can assign each workstation VM an install of INSERT_NAME_OF_POPULAR_AV_VENDOR_HERE and have somewhat of a "bake off."

Now what I'm finding is there are great sites like [AV Test](AV Test) or AV-Comparatives do a nice job of breaking down what kind of performance, features, and management offerings a given vendor has. But what I haven't found is some structured testing for "act like a bad guy" actions. I'm thinking things like:

  • Mimikatz tomfoolery
  • Lateral attacks with Metasploit shells
  • Egress port scanning (to find an acceptable outbound port for C2 or data exfil)
  • Jacking around with various PowerShell scripts and commands

However, thanks to some awesome friends on Slack they pointed me to what looks to be a nice set of scripts/tests - many of which could be used to see what kind of behaviors the endpoint protection will catch. So coming up in part #2 of this series, I'll do a deeper dive into:

Jaksot(683)

7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

Did you know that Web site vulnerability scanners can destroy your customer sites? If not, listen to this. 7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

28 Helmi 20157min

7MS #42: Vulnerability Scans vs. Pentests (audio)

7MS #42: Vulnerability Scans vs. Pentests (audio)

I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to clarify the differences and distinctions (in my mind, anyways). 7MS #42: Vulnerability Scans vs. Pentests (audio)

14 Helmi 20157min

7MS #41: OSCP – Part 7 (audio)

7MS #41: OSCP – Part 7 (audio)

Tried of talking about OSCP yet? Me neither! 7MS #41: OSCP – Part 7 (audio)

6 Helmi 20156min

7MS #40: OSCP – Part 6 (audio)

7MS #40: OSCP – Part 6 (audio)

PART SIX of a mind-bending series all about OSCP! 7MS #40: OSCP – Part 6 (audio)

31 Tammi 20157min

7MS #39: Infosec on the Disney Boat (audio)

7MS #39: Infosec on the Disney Boat (audio)

I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies. 7MS #39: Infosec on the Disney Boat (audio)

24 Tammi 20158min

7MS #38: OFFTOPIC – Health and Infosec (audio)

7MS #38: OFFTOPIC – Health and Infosec (audio)

Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape. 7MS…

17 Tammi 20157min

7MS #37: Keimpx (audio)

7MS #37: Keimpx (audio)

Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keipmx. 7MS #37: Keimpx (audio)

10 Tammi 20157min

7MS #36: OSCP – Part 5 (audio)

7MS #36: OSCP – Part 5 (audio)

More talk about OSCP goodness. Download: 7MS #36: OSCP – Part 5 (audio)

3 Tammi 20157min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
aihe
rss-vaalirankkurit-podcast
the-ulkopolitist
rikosmyytit
rss-kovin-paikka
rss-mina-ukkola
linda-maria
rss-hyvaa-huomenta-bryssel
rss-tyolinjalla-pekka-sauri
radio-antro
rss-aijat-hopottaa-podcast
rss-raha-talous-ja-politiikka
rss-kyselytunti
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset