How to Enable PowerShell Transcript Logging

Since its release in 2008, PowerShell has quickly become one of the most powerful system administration tools for Windows. Modern cmdlets offer far more functionality than their cmd predecessor; however, that same power has sometimes been exploited by nefarious actors to perform attacks and bypass traditional security measures.

In this post I’ll be covering the steps necessary to set up PowerShell transcript logging to a networked file share.


How to store BitLocker keys in Active Directory

BitLocker is a fantastic way to protect the data stored on computers and thwart some offline tampering attacks. However, if you’re using BitLocker within a business environment, keeping track of the recovery keys can be quite burdensome. Thankfully, Microsoft has developed a way to automatically save BitLocker recovery keys to Active Directory.

In this post I’m going to walk through the process, step by step, of enabling BitLocker recovery key backup to Active Directory. We’ll also look at how computers that are already encrypted can retrospectively have their recovery keys backed up to Active Directory.


Barkly Runtime Malware Defence

Shortly after publishing my previous blog post, I stumbled upon Barkly by accident. They represent a new breed of security technology that has departed from traditional signature-based detection and instead uses machine learning and behaviour analysis for malware prevention.

At the time, I hadn’t heard of Barkly before. After a quick search online I found no independent reviews or any real exposure within IT communities such as Reddit’s /r/Sysadmin, /r/NetSec or Spiceworks. This needed to change, so I reached out to Barkly for a review copy and they were kind enough to hook me up with a trial.

In this post I’ll be putting Barkly through its paces and seeing how well it performs against a variety of threats, including ransomware, trojans, and exploits.


Next Gen: Cylance Antivirus Review

CylancePROTECT

About two years ago, I stumbled upon Cylance. They marketed their product, CylancePROTECT, as ‘next generation’ security software, utilising artificial intelligence and machine learning to beat malware and other online threats. Instantly I was intrigued. Wanting to know more, I started looking online for community reviews and/or downloadable trials. Unfortunately neither seemed to exist, so I put a bookmark in my browser and decided to return another day.

Fast forward to today, and things have changed. There’s been a public AMA on Reddit, NSS Labs and AV-TEST have tested the product, and best of all, it can now be purchased for use on individual PCs via MalwareManaged.

In this blog post I’m going to be testing the security effectiveness of CylancePROTECT, and putting it head to head with competing products from TrendMicro, ESET, Sophos, Webroot and Malwarebytes.
