BeyondTrust Unveils New Integrations, Productivity, & Security Enhancements with Version 5.4 Release of Privilege Management for Windows and Mac

by Kris Zentek

BeyondTrust is pleased to announce the 5.4 release of Privilege Management for Windows and Mac (PMWM) (formerly Avecto Defendpoint), our market-leading solution for enabling users and administrators to work securely and efficiently on desktops and servers—without the need for local admin rights. The release of Privilege Management 5.4 introduces: the ability to manage privileges for Microsoft Windows servers, Windows desktops, and Apple macOS assets from our comprehensive platform, BeyondInsight; the functionality to allow non-admin users to selectively install and uninstall applications in the /Applications/ directory, empowering users to manage their own installs and upgrades in a policy-controlled manner alongside BeyondTrust and 3rd-party solutions; and a new name, branding, and logos.

Insights on Password Security from a Matrix-themed Linux Attack and Defense CTF

by Jay Beale

In Episode 8 of my Linux Attack and Defense webinar series, I attack a Capture the Flag (CTF) virtual machine themed after the first Matrix movie. Over the course of the attack, I use a local file inclusion (LFI) vulnerability to pull the web server’s hashed password file. The password in that file “cracks,” that is, matches a hash, quite quickly. The rest of the attack hinges on this step. Now, with that said, as a red teamer and penetration tester with quite a bit of experience in password security, I’d like to talk about password strength. In the webinar, we dealt with an LFI vulnerability, but what about the ease with which we were able to crack a password? We were able to crack the password in just seconds. This is partly due to the hash choice used in a web server htaccess file, but the real culprit here was a dictionary word password, with letters changed to numbers. Not all passwords are created equal, not by far.

What it’s like to be a CTO/CISO at this Year’s Gartner Security & Risk Management (SRM) Summit

by Morey J. Haber

One of the more interesting aspects of having dual roles (CTO & CISO) within BeyondTrust is attending conferences as both a vendor (CTO) and as a potential security customer (CISO). As a CTO, I’m attending events to share insights around security challenges that our solutions can help address, and I often present on topics related to privileged threats, privileged access and identity management, and vulnerability management. However, with my CISO hat on, I’m in attendance to learn about the latest security and risk challenges, to help me formulate and evolve a strategy to keep my organization as safe as reasonably and affordably possible.