Teched 2014: Microsoft Experts from KEMP

KEMP Microsoft Experts Speakers at Teched & Their Sessions
Bulletproofing Your Network Security
Monday, May 12, 2013, 1:15 PM – 2:45 PM. Speaker(s): Erdal Ozkaya, Milad Aslaner. Track: Windows Phone and Devices. Session Type: Breakout. Topics: Security, Trustworthy Computing.
Learn how to stop hackers in their tracks. This session will demonstrate the best tools and techniques for hardening your devices, from your laptop to your phone to your servers and services.
Key insights that were previously reserved for only the top IT staff at the NSA and other Federal agencies have been made available to you. Find out how to make your network secure so you are always ahead of malicious insiders and cyber criminals. Are you still not convinced? This session will change the way you think and help you to build a secure network. You will be compelled to double-check your security after the presentation.
PCIT-B319TWC: Social Engineering: Manipulations and Targeted Attacks and IT Security
Tuesday, May 13, 5:00 PM – 6:15 PM. Speaker(s): Erdal Ozkaya and Milad Aslaner. Track: People-centric IT. Session Type: Breakout. Topics: Security, Trustworthy Computing.
We can see a shift in the way malware engineers target enterprises, and with it a shift in the attack landscape. Attackers now go after specific targets, especially on social networks. Guess what? The CEO, CTO, and even the girl next to you all have a social networking account. This session will examine how social engineering has evolved over time and discuss lessons learned from the field about how to avoid traps.
WIN-B351 Hacker tools for ethical hackers to protect Windows clients
Wednesday, May 14, 2010, 10:15 AM – 11:15 AM. Speaker(s): Raymond Comvalius, Erdal Ozkaya. Track: Windows, Phone and Devices. Session Type: Breakout. Topic: Windows Operating System.
If you want to protect your Windows environment, you need to know the methods used by cyber criminals. This session will show you the most common hacking tools, how they can cause damage, and how to be aware of them before they reach your network. Learn how Windows Clients can help you protect your network from some of these attacks.
OFC-B329 Role Based Access Control (RBAC), Makes Sense for You
Thursday, May 15, 8:30 AM – 9:45 AM. Speaker(s): Bhargav Shukla. Track: Office Servers and Services. Session Type: Breakout. Topic: Microsoft Exchange.
Role Based Access Control was introduced with Microsoft Exchange Server 2010. Lync Server and other Microsoft products also use the RBAC framework. This session will provide insight from an RBAC expert about his real-world implementation in an Exchange environment. He also shares his experiences from teaching MCM candidates for the Lync and Exchange MCM programs. Learn from real-world examples how RBAC can work for you in Lync and Exchange deployments.
OFC-B271 Integration of Microsoft Exchange Server 2013 with Lync & SharePoint
Thursday, May 15, 2013, 1:00 PM – 2:05 PM. Speaker(s): Bhargav Shukla. Track: Office Servers and Services. Session Type: Breakout. Topics: Microsoft Exchange, Microsoft Lync and Microsoft SharePoint.
While each product is great on its own, combining them creates a powerful productivity booster and an amazing user experience. The Microsoft Office 2013 product family includes integration features that make the products more efficient. We will discuss the integration of Microsoft Lync Server 2013 with Exchange Server 2013, as well as the benefits it brings both to the organizations investing in these products and to the end users.
SPEAKER BIOS
Erdal Ozkaya Kemp Technologies Regional Director
Erdal Ozkaya, Bachelor in Science

Security Failures at Kaseya VSA: Consequences for Breach

Another large-scale cyber-attack has been witnessed around the world. Kaseya, an IT Systems Management Software company, reported a security breach that affected the on-premises version of Kaseya Virtual System Administrator (VSA). It was estimated that up to 1500 companies were held hostage by a ransom demand.
These incidents are becoming more common, and attackers are focusing more on exploiting zero-day vulnerabilities in system administrator software. Remote monitoring and management (RMM) tools, such as Kaseya VSA or SolarWinds, make the situation worse: a compromised RMM tool lets attackers penetrate customer networks and operate with implicit and unspoken trust, initiating commands and deploying malware.
Most security vendors recommend that RMM users allowlist (formerly known as whitelisting) specific folders or executables in order to prevent disruptions in service due to false positive detections. These folders and executables are then trusted. Allowlisting can lead to an initial bypass of endpoint security protection systems that depend on detecting suspicious activity before blocking actions can be taken. Comodo Threat Research Labs (CTRL) has analysed the VSA attack. Below is an analysis showing how Comodo Active Breach Protection protects endpoints against sophisticated attacks, even if all attack vectors are trusted.
Our analysis first identified the exploit of a zero-day vulnerability [CVE-2021-30116]. Credit goes to Wietse Boonstra, a researcher at the Dutch Institute for Vulnerability Disclosure, who discovered this vulnerability and reported it to Kaseya under responsible disclosure guidelines. We don’t have enough information about the exploit. We do know that attackers used an authentication bypass in Kaseya VSA’s web interface to gain an authenticated session, uploaded the ransomware payload, then executed commands via Kaseya agents by using a SQL injection vulnerability in Kaseya VSA.
Although the attack was limited to Kaseya VSA servers on-premises, SaaS services were also affected. Kaseya advised that all VSA servers be shut down immediately after the incident. However, as of this post, SaaS services were still offline and they are working on patches for both SaaS servers and on-prem servers. Kaseya published a Compromise Detection tool to determine if there are indicators of compromise (IoC). CISA and FBI released guidance for MSPs and their customers affected: ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa
We mapped the Kaseya VSA attack to the MITRE ATT&CK framework to further analyze the breach.
Reconnaissance – Weaponization
We don’t know much about this first step. It is clear that the attackers, identified as REvil (aka Sodinokibi), the same group behind the May 1, 2021, JBS Food Processing Ransomware Attack, exploited a zero-day vulnerability in Kaseya VSA, which is an ASP.NET application. In a Reddit post, the HuntressLabs Team analyzed one of the compromised servers and suspects that dl.asp has an authentication vulnerability that grants a user a valid session and allows access to files that typically require authentication, specifically KUpload.dll and userFilterTableRpt.asp.
KUpload.dll allows upload functionality that bypasses authentication. This allows attackers to upload malicious executables to the victim’s system. We also found userFilterTableRpt.asp was susceptible to an SQL injection vulnerability, allowing remote code execution and initial compromise of the VSA server.
Delivery
The delivery is concealed in a Kaseya VSA agent hot-fix package. This package contains the files agent.crt and Screenshot.jpg, which are then written to the c:\kworking folder. This folder is o
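The allowlisting blind spot this post describes, as an added example (not code from the post, Comodo or Kaseya): constructed file-write events are run through a simple "executable written to disk" rule with and without a folder exclusion, followed by a compensating audit of the trusted folder. The exclusion path, the process names and hotfix_helper.exe are assumptions made for illustration.

```python
# Added example. The events, process names and exclusion list are constructed;
# the kworking folder is assumed to be the allowlisted RMM working folder.
EXCLUSIONS = [r"C:\kworking"]

# Constructed file-write telemetry: (path, writing process, leading bytes).
EVENTS = [
    (r"C:\kworking\Screenshot.jpg", "rmm_agent.exe", b"\xff\xd8\xff\xe0"),
    (r"c:\KWORKING\hotfix_helper.exe", "rmm_agent.exe", b"MZ\x90\x00"),
    (r"C:\Users\alice\Downloads\tool.exe", "browser.exe", b"MZ\x90\x00"),
    (r"C:\Users\alice\Documents\report.docx", "winword.exe", b"PK\x03\x04"),
]


def _norm(path):
    """Case-fold and unify separators so comparisons match Windows semantics."""
    return path.replace("/", "\\").lower().rstrip("\\")


def is_excluded(path, exclusions=EXCLUSIONS):
    """True when path lies inside an allowlisted folder (not a mere prefix match)."""
    p = _norm(path)
    return any(p.startswith(_norm(folder) + "\\") for folder in exclusions)


def looks_executable(header):
    """Content check: PE files start with the 'MZ' magic, whatever the extension."""
    return header[:2] == b"MZ"


def edr_alerts(events, honor_exclusions=True):
    """Naive rule 'executable written to disk', optionally skipping exclusions."""
    return [path for path, _proc, header in events
            if looks_executable(header)
            and not (honor_exclusions and is_excluded(path))]


def excluded_write_audit(events):
    """Compensating report: executable content that landed in a trusted folder."""
    return [(path, proc) for path, proc, header in events
            if is_excluded(path) and looks_executable(header)]


if __name__ == "__main__":
    print("alerts with exclusions:", edr_alerts(EVENTS))
    print("alerts without exclusions:", edr_alerts(EVENTS, honor_exclusions=False))
    print("audit of trusted folders:", excluded_write_audit(EVENTS))
```

With the exclusion honored, the executable dropped into the trusted folder produces no alert; the audit function is the kind of separate report that keeps such writes visible without removing the exclusion.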

Justifying TechEd – Free Video Tutorial (2009)

TechEd: Justification
It’s difficult to justify spending employees’ time and wages on technical conferences in these tough economic times. This conversation highlights the essential benefits of Tech Ed and the benefits it brings to a company.

You can see it here:
Events/TechEd/Europe/2009/TTK223


Learn more about Tech Ed
Microsoft Ignite, an annual conference for developers and IT professionals, is hosted by Microsoft. It has been held in many locations around the globe. The first conference, held in 1993 in Orlando, Florida, USA, was known as TechEd. The last TechEd to use that name was the 2014 TechEd in Barcelona. Microsoft introduced Microsoft Ignite in 2015, after which it altered its conference schedule.
The conference lasts for three to five days and includes presentations, whiteboard sessions, and hands-on labs. It provides opportunities to meet Microsoft MVPs, experts, and community members. Parties, community areas, and “Ask the Expert” sessions are all ways to increase networking. The event has an area for vendors to display their products and technologies. The content catalog is extensive, and attendees can choose the most useful sessions from it. Before the conference starts, an agenda is posted online.

Julia White recommends us (Microsoft Ignite 2017)

Julia White recommends us
As you all know, Microsoft Ignite is right around the corner. This year, I will be presenting with Raymond Comvalius, my dear friend and Microsoft MVP.
This year is even more special because Julia White, Microsoft Corporate Vice President, mentioned our session as a must-attend one. Halt Hackers: Can those tricks work on Windows 10?
Remember, we look forward to seeing you in Orlando
Erdal
Who is Julia White?
Julia White, Microsoft corporate vice-president of product marketing for Azure and developer tools, has resigned to join SAP. White will be SAP’s chief marketing officer and solutions officer, and will also serve on the executive board. SAP announced White’s new position along with Scott Russell’s appointment to its executive board. Russell was previously president of SAP Asia Pacific Japan, APJ.
White has been with Microsoft almost 20 years. White began her career as a product manager for the Windows Server division, and then she became the general manager of the Office Division. Her demos at Microsoft events may be what people outside of Microsoft will most recognize. White has presented at many Microsoft events over the years, including the unveiling of the HoloLens 2 (and Azure Kinect DK)
Her LinkedIn
Passionate about technology, driving digital change, and powerful storytelling. I thoroughly enjoy my B2B cloud technology focus. Outside of work, I am a member of the Board of City Year Seattle/King County. This is an anti-racist youth empowerment organization. Pronouns: She/Her.
After 20 years, Julia White, Microsoft’s Corporate Vice President, is leaving the company. Julia White was responsible for product marketing for Azure, Developer Tools, and Servers for the past five years. Julia White joined Microsoft in 2001 as a Product Manager.
Today, SAP announced that Julia White will be joining the company as chief marketing officer and solutions officer. SAP stated that White will help strengthen the company’s go-to market approach by focusing on product, industry, and digital marketing. She will also focus on bridging customer needs and ecosystem needs through product development.
We reported on a high-profile exit at Microsoft earlier this week. Brad Anderson, Corporate Vice-President of the Commercial Management Experiences group, has resigned from Microsoft. At Microsoft, Brad was responsible for deploying the Microsoft 365 Modern Workplace, as well as engineering/defining/delivering commercial Windows, management, and security of PCs and mobile devices. Brad Anderson, who spent 17 years at Microsoft is now President of Products & Services at Qualtrics.
Julia White biography
Julia White is Chief Marketing & Solutions Officer at SAP SE and a member of the Executive Board. White is responsible for leading the product and industry value propositions, go to market approach, global brand, digital marketing, corporate communications and government affairs.
After nearly 20 years with Microsoft Corporation, White joined SAP. She was most recently the Corporate Vice President of Product Marketing for Microsoft Azure, helping to grow the company to become the second largest public cloud in the world. Prior to this, she worked for 8 years in the Office division. She was instrumental in the evolution of Office 365 from an on-premises technology into a leader in cloud productivity services. White joined Microsoft in 2001 to be a product manager on the Enterprise Server team. In 2005, White moved to Microsoft’s US division as a product manager in the Enterprise Server team. She spent two years leading channel incentives for go-to-market and other functions.
White holds a bachelor’s degree in economics from Stanford University, and a master’s of business administration from Harvard Business School.
White is a member of the Board of City Year Seattle/King County. This anti-racist youth empowerment organization was chartered in order to support White.

Joining Comodo as CISO (Great news for me 2021)

Comodo Cybersecurity joins as CISO
I am thrilled to announce my joining the Comodo family. I am excited to work with Melih Abdulhayoglu (our new CEO), and Dave Karp (our new Chief Strategy Officer), as well as the heroes of Comodo, Fatih Ohan, Mehmet Ozer Mein, Alan Knepfer, and each member of our Comodo team.
Customers need a better, more integrated, and cheaper way to prevent the onslaught of attacks!
For more info : comodo-cybersecurity/

Below is my career summary for those who don’t know me:
COMODO SECURITY SOLUTIONS, INC (CSS): THE STORY
Comodo’s innovative cybersecurity platform renders cyberattacks impossible across all platforms, including the web, LAN and cloud.
Customers can use the Comodo Dragon platform to protect their data and systems against any military-grade threat, including zero-day attacks. It is highly efficient in addressing ransomware attacks. CSS is a New Jersey-based company that has been protecting sensitive data for consumers and businesses worldwide for over 20 years. CSS set out to be the global leader in endpoint security in 2018.
CSS technology is precise, robust, and tailored to solve problems quickly and without undue stress. It gives an instant verdict on any file status, which can be used by software or human analysts to determine the best course of action. CSS is unique because it makes it possible to go from reactive to proactive. It allows you to protect all areas of business activity and threat – from network to web to cloud – with confidence and efficacy.
This technology is fast and competent, ensuring a seamless user experience that promotes customer trust. It recognizes a crucial reality: While you can’t prevent all malware, you can make malware less prevalent.
Innovative Cybersecurity Solutions to Make Attacks Ineffective
The Problem
Some things are inevitable in life, and malware is one of those things. Experts estimate that each day approximately one million new pieces of malicious software, including viruses, worms, Trojans and other malicious “wares,” are being created. Many cybersecurity vendors promise protection against all threats, but they don’t deliver it. No one can.
Businesses and individuals must understand that malware cannot always be blocked successfully. Undiscovered threats are now a reality in the digital age. This means that a holistic and innovative approach to protecting yourself against the formidable enemy is required.
The Effect
Data surveys give a glimpse at how far down today’s malware attack cycle has traveled, and the results are alarming at best. Companies continue to focus on “protection” and ignore the redundancy or inability of their security layers, which results in a porous security position with limited capabilities.
An attack cycle is made up of four key stages:
Delivery of malware
Pre-execution
Runtime as malware attempts to execute
Post-damage remediation
While a great deal of this threat can be prevented in the first phase, the defense-in-depth ability to block malware execution in real time, and to repair the damage, hovers around 85%. This is simply not enough to defeat the greatest enemy in the world of computing.
Comodo Cybersecurity Solution
Comodo Cybersecurity has been a leader in cybersecurity for over twenty years. They seek to protect businesses by understanding how the digital environment works and what malware needs to survive. It cannot breathe if it doesn’t have unrestricted access or the ability to execute its malicious programs.