logo
October 8, 2024 | Dirk Schrader

How to Prevent Cyber Attacks: Strategies and Best Practices

Introduction to Cyber Attack Prevention In today's digitally connected world, any organization with digital assets and internet access is vulnerable to cyberattacks. That reality has become all too pervasive in recent years. While it may not be part of your business plan, protection against...
October 6, 2022 | Jeff Warren

Compromising Plaintext Passwords in Active Directory

A lot of attention gets paid to preventing pass-the-hash and pass-the-ticket attacks, but these tactics limit adversaries to what they can perform from the command line. Compromising a plaintext password gives an attacker unlimited access to an account — which can include access to web...
September 30, 2022 | Kevin Joyce

Stealing User Passwords with Mimikatz DCSync

Mimikatz provides a variety of ways to extract and manipulate credentials, but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain controller and ask other domain controllers to replicate information — including user password...
September 29, 2022 | Kevin Joyce

Resource-Based Constrained Delegation Abuse

Delegation is confusing and complicated for most IT administrators. Active Directory offers unconstrained delegation, constrained delegation and resource-based constrained delegation (RBCD). This blog post reviews why resource-based constrained delegation is more secure than its predecessors —...
September 28, 2022 | Jeff Warren

Manipulating User Passwords with Mimikatz

Using the ChangeNTLM and SetNTLM commands in Mimikatz, attackers can manipulate user passwords and escalate their privileges in Active Directory. Let’s take a look at these commands and what they do. Handpicked related content: [Free Guide] Active Directory Security Best...
September 28, 2022 | Jeff Warren

How to Detect Pass-the-Ticket Attacks

In our first post of the series, we looked at ways to detect pass-the-hash attacks, which exploit NTLM authentication within an Active Directory domain. Pass-the-ticket is a related attack that which leverages Kerberos authentication to perform lateral movement. Download eBook: CISA...
September 28, 2022 | Jeff Warren

What a DCShadow Attack Is and How to Defend Against It

DCShadow is a late-stage kill chain attack that allows an adversary with compromised privileged credentials to register a rogue Active Directory domain controller (DC) and replicate malicious changes, such as modifications that help them establish persistence. More specifically, DCShadow is a...
August 31, 2022 | Jeff Warren

Exploiting Service Accounts: Silver Ticket Attack

In the first post of these series we showed how an adversary can discover Active Directory service accounts with PowerShell, and the second post demonstrated how to crack their passwords using the Kerberoasting technique. Now let’s see how an attacker can exploit a compromised service account...
August 31, 2022 | Jeff Warren

Extracting Service Account Passwords with Kerberoasting

In our LDAP reconnaissance post, we explored how an attacker can perform reconnaissance to discover service accounts to target in a Windows Active Directory (AD) domain. Now let’s explore one way an attacker can use to compromise those accounts and exploit their privileges: Kerberoasting. This...
October 14, 2021 | Elena Vodopyan

[Infographics] Cybercrime In Numbers: How To Protect Your Organization

Cybersecurity attacks are increasing at an alarming rate every day. According to the Statista Cybercrime Incidents Report, over 29,000 cases were recorded in 2020 and the target nowadays are small firms as well as large businesses although in the past hackers were not interested by “small...
Show more articles
...