logo
November 29, 2024 | Dirk Schrader

A Comprehensive Look into Password Attacks and How to Stop Them

There are some things you want to keep private such as your bank account number, government ID number, etc. In the digital age, that includes the passwords that protect these accounts because once your account credentials are compromised, cybercriminals can get that information. That is why...
November 15, 2023 | Dirk Schrader

The Ultimate Guide to Password Best Practices: Guarding Your Digital Identity

In the wake of escalating cyber-attacks and data breaches, the ubiquitous advice of "don't share your password" is no longer enough. Passwords remain the primary keys to our most important digital assets, so following password security best practices is more critical than ever. Whether you're...
January 27, 2023 | Joe Dibley

Tips for Better Password Management

Even as more advanced forms of authentication, such as biometrics, are developed and implemented, passwords continue to be a commonly used form of authentication. This is partly due to the fact that they are relatively simple to implement and require little infrastructure to support. However, the...
November 3, 2022 | Joe Dibley

Cracking Active Directory Passwords with AS-REP Roasting

One critical way that attackers gain access to an IT environment and escalate their privileges is by stealing user password hashes and cracking them offline. We covered a method for harvesting service account passwords in our post on Kerberoasting. Here we will explore a technique that works...
October 27, 2022 | Joe Dibley

Attacking Local Account Passwords

Learning how attackers target weak domain account passwords is not enough for Active Directory security. Let’s look beyond domain accounts and understand the ways adversaries attack local accounts on Windows servers and desktops.  For this post, we will focus on the most important local account:...
October 13, 2022 | Kevin Joyce

Securing Your Group Managed Service Accounts

Group Managed Service Accounts Overview The traditional practice of using regular user accounts as service accounts puts the burden of password management on users. As a result, the account passwords often stay the same for years — which leaves them highly susceptible to brute force attacks and...
October 11, 2022 | Kevin Joyce

WDigest Clear-Text Passwords: Stealing More than a Hash

What is WDigest? Digest Authentication is a challenge/response protocol that was primarily used in Windows Server 2003 for LDAP and web-based authentication. It utilizes Hypertext Transfer Protocol (HTTP) and Simple Authentication Security Layer (SASL) exchanges to authenticate. At a high...
September 8, 2022 | Jeff Warren

Passwordless Authentication with Windows Hello for Business

Passwords are everywhere — and nobody likes them. For users, they are a pain to remember and manage. For businesses, they continue to be a primary source of data breaches, both on premises and in the cloud. In fact, the 2022 Verizon DBIR reports that credential theft was involved in nearly half...
September 6, 2022 | Jeff Warren

Finding Weak Passwords in Active Directory

Knowing the credentials for any user account in your network gives an adversary significant power. After logging on as a legitimate user, they can move laterally to other systems and escalate their privileges to deploy ransomware, steal critical data, disrupt vital operations and more. Most...
February 1, 2022 | Dirk Schrader

HIPAA Password Requirements

The healthcare industry faces a plethora of serious cybersecurity risks. Indeed, 2021 saw a record number of major health data breaches in the U.S. —  the breach notification portal of the U.S. Department of Health and Human Services lists at least 713 incidents affecting 45.7 million...
Show more articles
...