RID hijacking is a persistence technique used by adversaries who have compromised a Windows machine. In a nutshell, attackers use the RID (relative identifier) of the local Administrator account to...
Using groups is a best practice for Active Directory management. This article describes the two types of Active Directory groups — security groups and distribution groups — and offers guidance...
Cybersecurity
April 14, 2023
Commonly referred to as Zerologon, CVE-2020-1472 is the Common Vulnerabilities and Exposures (CVE) identifier assigned to a vulnerability in Microsoft's Netlogon Remote Protocol (MS-NRPC). MS-NRPC...
Infrastructure
December 2, 2022
Roles make it easier to grant and revoke privileges for users of a relational database. Rather than managing privileges for each user individually, you manage privileges for each role and all...
Cybersecurity
November 29, 2022
What is Commando VM?
Commando VM is a testing platform that Mandiant FireEye created for penetration testers who are more comfortable with the Windows operating system.
Essentially, Commando VM is...
Identity
November 14, 2022
Understanding Active Directory (AD) permissions is vital for cybersecurity, compliance and business continuity. In this blog, we’ll be going over, at a high level, how Active Directory permission...
Identity
October 13, 2022
Group Managed Service Accounts Overview
The traditional practice of using regular user accounts as service accounts puts the burden of password management on users. As a result, the account...
Identity
October 11, 2022
What is WDigest?
Digest Authentication is a challenge/response protocol that was primarily used in Windows Server 2003 for LDAP and web-based authentication. It utilizes Hypertext Transfer Protocol...
Cybersecurity
September 30, 2022
Active Directory accounts with elevated privileges pose a serious security risk: They are a top target for attackers because they provide administrative access to systems and data, and they can also...
Cybersecurity
September 30, 2022
Mimikatz provides a variety of ways to extract and manipulate credentials, but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain...