STEALTHbits Technologies
Blog Article

New blog articles detected.

  • Lateral Movement with CrackMapExec
    In the previous post, we explored how attackers can use Mimikatz to automatically escalate privileges to Domain Admins using Empire and DeathStar. In this post, I will take a look at another open-source tool that leverages Mimikatz to harvest credentials and move laterally through an Active Directory environment: CrackMapExec. Self-described as a “swiss army knife for pentesting networks”, CrackMa...
  • Market Trends: NYCRR 500
    The New York State Department of Financial Services (DFS) new cybersecurity standard, New York Code Rules and Regulations 500 (NYCRR 500), extends past New York state limits to “subsidiaries or affiliates”. This regulation mandates each institution have a cyber security program, Chief Information Security Officer (CISO), access controls, asset management, data governance, software development prac...
  • STEALTHbits ProTip: 23 NYCRR 500
    While we here at STEALTHbits can’t help our customers with the personal part of 23 NYCRR 500, we can make it easy to identify the reports that help with Section 500’s access and activity pieces. Starting with version StealthAUDIT v8.0 we’ve introduced report tagging, allowing you to easily organize the reports that are important to you.  These can be named as desired, typically by their associated...
  • The Value of the Active Directory Attack Blog Series
    Active Directory Attack Blog Series Spending time with customers in Texas last week left me speechless – literally. One customer asked me a question for which I was not prepared. They have been following our Active Directory attack blog series. They found it very interesting, but they had one major question. Why should they spend so much time thinking about what attackers do? If they spend all you...
  • Automating Mimikatz with Empire and DeathStar
    Automating Mimikatz Mimikatz is a very powerful post-exploitation tool on its own, allowing attackers to harvest credentials and move laterally through a compromised organization. However, there are also several limitations to what Mimikatz can do by itself: If you have compromised a machine but do not have Administrator rights, you can’t access any credentials If PowerShell protections are enable...
Youtube Video

New YouTube videos detected.

  • NYCRR 500 - Insider Threat Podcast #3
    Cybersecurity thought leader, privacy advocate and public speaker, Gabriel Gumbs talks with host Jonathan Sander about NYCRR 500, the new cybersecurity standard that regulates the Financial Services Industry. This regulation mandates each institution have a cyber security program, Chief Information Security Officer (CISO), access controls, asset management, data governance, software development pr...
Blog Article

New blog articles detected.

  • Understanding the Impact of NYCRR 500
    In our third edition of the Insider Threat podcast, we turn from the bad guys attacking you to auditors attacking you. That’s a joke, but I know it does reflect the way it can feel sometimes. Many folks will ignore NYCRR 500 because they see “NYC” and think that means it isn’t about them, or they know it is being put out there by the New York State Department of Financial Services (DFS) and think ...
  • How Attackers are Stealing Your Credentials with Mimikatz
    Introduction: Stealing Credentials with Mimikatz Mimikatz is an open-source tool built to gather and exploit Windows credentials. Since its introduction in 2011 by author Benjamin Delpy, the attacks that Mimikatz is capable of have continued to grow. Also, the ways in which Mimikatz can be packaged and deployed have become even more creative and difficult to detect by security professionals. This ...
  • Unlocking All the Doors to Active Directory with the Skeleton Key Attack
    Introduction: Unlocking Active Directory with the Skeleton Key Attack There are several methods for compromising Active Directory accounts that attackers can use to elevate privileges and create persistence once they have established themselves in your domain. The Skeleton Key is a particularly scary piece of malware targeted at Active Directory domains to make it alarmingly easy to hijack any acc...
  • Manipulating User Passwords with Mimikatz
    Introduction: Manipulating User Passwords with Mimikatz Mimikatz now supports the ability to manipulate user passwords with new commands: SetNTLM and ChangeNTLM. These commands give attackers a new way to change user passwords and escalate privileges within Active Directory. Let’s take a look at these NTLM commands and what they do. ChangeNTLM This performs a password change event. To use this com...
  • Extracting User Password Data with Mimikatz DCSync
    Introduction: Extracting User Password Data with Mimikatz DCSync Mimikatz provides a variety of ways to extract and manipulate credentials, but probably one of the most useful and scary ways is using the DCSync command. This attack simulates the behavior of a domain controller and asks other domain controllers to replicate information using the Directory Replication Service Remote Protocol (MS-DRS...
  • Stealing Credentials with a Security Support Provider (SSP)
    Introduction: SSP Attacks Mimikatz provides attackers several different ways to store credentials from memory and extract them from Active Directory. One of the more interesting tools provided is the MemSSP command, which will register a Security Support Provider (SSP) on a Windows host. Once registered, this SSP will log all passwords in clear text for any users who log on locally to that system....
  • Insider Threat Podcast – NYCRR 500 – Insider Threat Podcast #3
    Cybersecurity thought leader, privacy advocate and public speaker, Gabriel Gumbs talks with host Jonathan Sander about NYCRR 500, the new cybersecurity regulation by the New York State Department of Financial Services (DFS). For more information on NYCRR 500 and how your financial services entity is likely impacted, visit: https://www.stealthbits.com/nycrr-500 The post Insider Threat Podcast – NYC...
  • See a File Activity Monitor Demo without Leaving Your Desk
    File Activity Monitoring Organizations spend thousands, if not millions of dollars, on their data storage infrastructure. However, many lack visibility into file activity on Network-attached storage (NAS) devices like NetApp, Dell EMC, and Hitachi—as well as Windows devices. This is because native auditing can present challenges like configuration complexity, undifferentiated events, and performan...
  • Security at the New Perimeter
    During the Cloud Identity Summit 2017 keynote, there was a predictable discussion about the state of our deteriorating security perimeter. Given this is the year’s premiere identity event—and that the speaker was Ping Identity’s CEO—you may expect to hear the now ubiquitous meme: “Identity is the new perimeter.” That is not what we heard, though. I want to quote what he said exactly and spend some...
Youtube Video

New YouTube videos detected.

  • Service Account Attacks - Insider Threat Podcast #2
    Cybersecurity expert Jeff Warren talks with host Jonathan Sander about 4 service account attacks and how to protect against them, including basic security measures and monitoring as well as considerations around adopting Group Managed Service Accounts and Privileged Identity Management. Click on these links for the full blog series and webinar: https://blog.stealthbits.com/service-accounts-attack...
Blog Article

New blog articles detected.

  • Podcast: Service Account Attacks & How To Prevent Them
    Service accounts are under managed and over privileged. Being pushed along by application groups annoyed that they need to deal with any process at all, security or helpdesk folks simply make an account, give it rights, and get it in the hands of the application folks. The application team thinks the account is controlled like any other, but that’s wrong most of the time. The folks in charge of th...
  • Unconstrained Delegation Permissions
    AD Permissions Attack #4: Unconstrained Delegation Permissions In this series, we’ve explored a few ways to take advantage of weak Access Control Lists (ACLs) to compromise Active Directory accounts and elevate our privileges. In this post, I will dive deeper into a more complex attack against Active Directory and show how permissions are once again critical to protecting yourself from a complete ...
  • Service Account Attacks – Insider Threat Podcast #2
    Service accounts are a favorite target of attackers because these accounts give them privileged access to systems, applications and data. Since service accounts do not have strict password reset policies, attackers can exploit them for extended periods of time without being detected. In this podcast, cybersecurity expert Jeff Warren speaks with host Jonathan Sander about four service account attac...
  • Persistence using AdminSDHolder and SDProp
    AD Permissions Attack #3: Persistence using AdminSDHolder and SDProp Now that we’ve compromised privileged credentials by exploiting weak permissions, it’s time to make sure we don’t lose our foothold in the domain. That way, even if the accounts we’ve compromised are deleted, disabled, or have their passwords reset we can easily regain Domain Admin rights. To do so, we will be exploiting some of ...
  • Gain Visibility into the Most Important Activity on Your Network with File Activity Monitoring
    File Activity Monitoring With Russia’s suspected hacking of the U.S. elections still in the news, our office conversation turned to the topic of Edward Snowden. One of our executives commented that even with the billions the government spent on cybersecurity—including technologies like User and Entity Behavior Analytics (UEBA)—officials still don’t know exactly what information Snowden took. I men...
  • Podcast: How to Stop Active Directory Attacks
    We have just done the first episode of our Insider Threat podcast, and it was a little scary. I’m no stranger to doing a show; so that wasn’t scary. What was frightening is how easily the bad guys can exploit our Active Directory and Microsoft platforms. I sat down with Jeff Warren, who wrote our recent blog series, 4 Active Directory Attacks and How to Prevent Them, and asked him how difficult it...
Youtube Video

New YouTube videos detected.

  • Active Directory Attacks - Insider Threat Podcast #1
    Cybersecurity veteran Jeff Warren speaks with host Jonathan Sander about the 4 Active Directory attacks almost every organization is vulnerable to and gives immediate steps to help you protect your Active Directory. Click on these links for the full blog series and webinar: https://blog.stealthbits.com/how-to-protect-against-active-directory-attacks http://go.stealthbits.com/on-demand-webinar-4...
Blog Article

New blog articles detected.

  • Attacking Active Directory Permissions with BloodHound
    AD Permissions Attack #2: Attacking Permissions with BloodHound So far in this series, we’ve explored the importance of Active Directory permissions and just how easy it is for attackers to discover vulnerable permissions. Unless an organization has left Domain Admin permissions wide open, perpetrating an attack against Active Directory permissions can get rather complex. A successful attack again...
  • Active Directory Attacks – Insider Threat Podcast #1
    The recent flare up around EternalBlue and other SMB attacks has put the spotlight back on Microsoft security vulnerabilities. In this podcast, cybersecurity veteran Jeff Warren speaks with host Jonathan Sander about four Active Directory attacks almost every organization can fall prey to—and how with tools like BloodHound, PowerShell, and Mimikatz, even newbie attackers can quickly escalate privi...
  • Malware: ILOVEYOU Melissa & still you make me WannaCry
    Protect Your Unpatched Systems Against Malware What do the Melissa virus, ILOVEYOU worm and the WannaCry ransomware have in common? After patches were made available, they were still successfully spreading. Secondary storage also played a role in these infections. As malware evolved from nuisance to profit-driven, secondary storage became less of an infection vector and more of an opportunity to r...
  • Exploiting Weak Active Directory Permissions with PowerSploit
    AD Permissions Attack #1: Exploiting Weak Permissions with PowerSploit In the introductory post, we outlined some reasons why attackers may target AD permissions. In this post, we are going to look at specific ways to search for weak permissions. This attack can be perpetrated without any privileges in an environment, so finding these weaknesses is very quick and effective. We will be using a Powe...
  • 4 Attacks that Exploit Active Directory Permissions and How to Protect Against Them
    Introduction: Active Directory Permissions Attacks In previous blog series, we have written about attacks against Active Directory (AD) administrative rights and service accounts. These topics have led to several discussions with coworkers and employees about other ways to penetrate and attack Active Directory environments. Throughout these conversations, one topic was repeatedly overlooked: Activ...
