“Is it Really Good to be the King when it comes to Cybersecurity?”


In the realm of cybersecurity, the saying “It’s good to be the king” takes on a whole new meaning. While traditional kingdoms have only one king, the modern digital landscape presents a different scenario. In the intricate world of technical systems, there isn’t just a single ruling entity, but rather multiple administrators or power users who play crucial roles in safeguarding organizational networks and systems.

Today, numerous technical teams oversee various aspects of cybersecurity, including Networking, SecOps, DevOps, and IT, among others. Each team assumes responsibility for managing and supporting specific systems and equipment within the organization. Naturally, there is an inherent desire to perform these tasks with the utmost privileges, aiming for efficiency and freedom from constraints. These privileged users are commonly referred to as “Administrators,” “Admins,” or “Root” within their respective domains, such as routers or domain controllers.

However, it is essential to pause and contemplate the following question: “Should I always strive to be the most powerful entity in the cybersecurity kingdom?”

It’s worth considering whether relying on default administrative user accounts, which often come with extensive privileges, is truly advantageous or potentially more harmful in the context of cybersecurity. While such privileges may enable quicker actions or bypass certain limitations, they also carry significant risks that can compromise the overall security posture of an organization.
