Tag: Cybercrime
October 8, 2024 |
How to Prevent Cyber Attacks: Strategies and Best Practices
Introduction to Cyber Attack Prevention
In today's digitally connected world, any organization with digital assets and internet access is vulnerable to cyberattacks. That reality has become all too pervasive in recent years. While it may not be part of your business plan, protection against...
October 6, 2022 |
Compromising Plaintext Passwords in Active Directory
A lot of attention gets paid to preventing pass-the-hash and pass-the-ticket attacks, but these tactics limit adversaries to what they can perform from the command line. Compromising a plaintext password gives an attacker unlimited access to an account — which can include access to web...
September 30, 2022 |
Stealing User Passwords with Mimikatz DCSync
Mimikatz provides a variety of ways to extract and manipulate credentials, but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain controller and ask other domain controllers to replicate information — including user password...
September 29, 2022 |
Resource-Based Constrained Delegation Abuse
Delegation is confusing and complicated for most IT administrators. Active Directory offers unconstrained delegation, constrained delegation and resource-based constrained delegation (RBCD).
This blog post reviews why resource-based constrained delegation is more secure than its predecessors —...
September 28, 2022 |
Manipulating User Passwords with Mimikatz
Using the ChangeNTLM and SetNTLM commands in Mimikatz, attackers can manipulate user passwords and escalate their privileges in Active Directory. Let’s take a look at these commands and what they do.
September 28, 2022 |
How to Detect Pass-the-Ticket Attacks
In our first post of the series, we looked at ways to detect pass-the-hash attacks, which exploit NTLM authentication within an Active Directory domain. Pass-the-ticket is a related attack that leverages Kerberos authentication to perform lateral movement.
September 28, 2022 |
What a DCShadow Attack Is and How to Defend Against It
DCShadow is a late-stage kill chain attack that allows an adversary with compromised privileged credentials to register a rogue Active Directory domain controller (DC) and replicate malicious changes, such as modifications that help them establish persistence. More specifically, DCShadow is a...
August 31, 2022 |
Exploiting Service Accounts: Silver Ticket Attack
In the first post of this series we showed how an adversary can discover Active Directory service accounts with PowerShell, and the second post demonstrated how to crack their passwords using the Kerberoasting technique. Now let’s see how an attacker can exploit a compromised service account...
August 31, 2022 |
Extracting Service Account Passwords with Kerberoasting
In our LDAP reconnaissance post, we explored how an attacker can perform reconnaissance to discover service accounts to target in a Windows Active Directory (AD) domain. Now let’s explore one way an attacker can compromise those accounts and exploit their privileges: Kerberoasting. This...
October 14, 2021 |
[Infographics] Cybercrime In Numbers: How To Protect Your Organization
Cybersecurity attacks are increasing at an alarming rate every day. According to the Statista Cybercrime Incidents Report, over 29,000 cases were recorded in 2020, and the targets nowadays are small firms as well as large businesses, although in the past hackers were not interested in “small...