STEALTHbits Technologies
Blog Post
  • So far in this series, we’ve learned how attackers can target weak domain passwords in Active Directory.  To complete the story, we need to look beyond domain accounts and understand the ways to attack local accounts on Windows servers and desktops.  For this post, we will focus on the most important local account: Administrator.  The Administrator account is built into every Windows operating sys...

STEALTHbits Technologies
Blog Post
  • As we begin to wrap up 2017 and reflect back on the year, we looked at what the industry has accomplished and in some cases where we have fallen short. In the early part of this year, many industry thought leaders were stating that 2017 would again be the year of ransomware. They were all very correct in their statements, but this year has shown us much more: it has shown us the increasing need for...

STEALTHbits Technologies
Blog Post
  • In our last post, we learned about password spraying and how effective this can be to compromise AD accounts with weak and commonly used passwords.  Now let’s take a look at how an attacker could take this approach and put it into practice to compromise your domain.  For that, we are going to use BloodHound, a very useful open-source application for penetration testing AD security and planning att...

STEALTHbits Technologies
Blog Post
  • In our tenth edition of the Insider Threat Podcast, we were joined by NetApp Senior Technical Marketing Engineer, Justin Parisi. Justin is making the rounds ahead of the NetApp ONTAP version 9.3 release this week. Of course, we wanted to get the conversation focused on insider threats and other security topics. We managed to do just that. It seems ONTAP has a few good security related tricks up it...

STEALTHbits Technologies
Blog Post
  • So far in this series we’ve looked at how plain text passwords can be exposed within Active Directory, which represents a major vulnerability for most AD environments.  However, even if you have proper controls to prevent plain text passwords in your network, attackers can still get them pretty efficiently.  How do they do this?  They guess.  And you’d be surprised how well guessing works at crack...

STEALTHbits Technologies
Blog Post
  • If you haven’t heard, October was National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by the U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team observed the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The fifth week them...

STEALTHbits Technologies
Blog Post
  • A lot of attention gets paid to preventing pass-the-hash and pass-the-ticket attacks, but imagine what an attacker could do with the actual passwords of privileged user accounts rather than just the hashes. Pass-the-hash gives attackers access to what can be performed from a command line, but plain text passwords give an attacker unlimited access to an account.  This may include access to web appl...

STEALTHbits Technologies
Blog Post
  • What is ITAR? The International Traffic in Arms Regulations (ITAR) is a United States regulatory compliance standard that restricts and controls the export of defense and military related technologies to safeguard U.S. national security. The U.S. Government requires all manufacturers, exporters, and brokers of defense articles, defense services or related technical data to be ITAR compliant. For a...

STEALTHbits Technologies
Blog Post
  • On October 24, 2017, STEALTHbits was alerted to a ransomware campaign spreading across Eastern Europe and Russia. There are reports that the infection is leveraging EternalBlue, the exploit generally believed to be developed by the U.S. National Security Agency (NSA); however, there is no evidence to support those claims. Bad Rabbit does, however, appear to be related to the Nyetya ransomware var...

STEALTHbits Technologies
Blog Post
  • Active Directory Password Attacks So far in our travels through Active Directory security, we’ve looked at attacks against permissions, credentials, service accounts, and many of the open-source toolkits available for getting more hands-on exposure to these techniques. Inside each scenario, an attacker is attempting to increase their privileges and compromise sensitive information. Some techniques...

STEALTHbits Technologies
Blog Post
  • If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by the U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The third w...

STEALTHbits Technologies
YouTube Video
  • In the ninth edition of the Insider Threat Podcast, Jonathan Sander and Gabriel Gumbs did a little role reversal while talking about File System attacks. File System Attacks: https://blog.stealthbits.com/file-system-attacks Attack Step 1: Finding Where Data Lives – File System Attacks: https://blog.stealthbits.com/attack-step-1-finding-where-data-lives-file-system-attacks Attack Step 2: Targeting In...

STEALTHbits Technologies
Blog Post
  • In the ninth edition of the Insider Threat Podcast Jonathan Sander and I did a little role reversal. I played Zorak to Jonathan’s Space Ghost and was asking the questions – the topic this week is File System attacks. A topic that we have noticed not many struggle with, but one that we increasingly see as an attack vector. Jonathan has been researching these attacks recently and has been blogging a...

STEALTHbits Technologies
Blog Post
  • If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by the U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The second ...

STEALTHbits Technologies
Blog Post
  • What Does Persistence Mean on a File System? In our first file system attack, we found places where we’re likely to get good data with the credentials we’ve been able to steal. Our second attack let us focus in on only the data that is worth the time to steal so we can lessen the chances of getting caught – or at least get the best stuff before we do. The final stage in these attacks is typically ...

STEALTHbits Technologies
Blog Post
  • NetApp Insight, NetApp’s annual technical conference, brought together storage and data management professionals to discuss changing the world with data. In over 200 technical sessions and the Insight Central exhibit hall, organizations learned how NetApp’s Data Fabric can help them: Harness the power of the hybrid cloud Build a next-generation data center Modernize storage through data management...

STEALTHbits Technologies
Blog Post
  • If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by the U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned in to catch all the NCSAM info coming your way. The first w...

STEALTHbits Technologies
Blog Post
  • Sifting Through The Sands In the last post, we looked at how to find file shares where data we may want to steal lives. We used both Python based and PowerShell based approaches to this. Now we’re going to take the next step and find actual files of interest. Even the smallest organization can have many thousands of files. The bad guys would drown in all that data if they didn’t have ways to narro...

STEALTHbits Technologies
Blog Post
  • In our eighth edition of the Insider Threat Podcast, we spoke with the most senior member of the STEALTHbits team, Adam Laub. Adam had just been to the Microsoft Ignite conference, and brought us some insight into what the pulse of the show was. We brought our new focus on Threat Protection to the show in a big way. People’s reactions were very positive. We had more people stopping by and spending ...

STEALTHbits Technologies
Blog Post
  • Adam Laub, the Senior Vice President of Product Marketing at STEALTHbits Technologies, talks with host Jonathan Sander about his time at Microsoft Ignite 2017 last week. They discuss threat protection, our Capture the Flag (CTF) game based on Active Directory, the Red Desktop/Blue Desktop demonstrations, and more. File System Attack Series: https://blog.stealthbits.com/attack-step-1-finding-where...

STEALTHbits Technologies
YouTube Video
  • Adam Laub, the Senior Vice President of Product Marketing at STEALTHbits Technologies, talks with host Jonathan Sander about his time at Microsoft Ignite 2017 last week. They discuss threat protection, our Capture the Flag (CTF) game based on Active Directory, the Red Desktop/Blue Desktop demonstrations, and more. File System Attack Series: https://blog.stealthbits.com/attack-step-1-finding-whe...

STEALTHbits Technologies
Blog Post
  • Finding Where Interesting Information May Live We’re going to make some assumptions at the start of this attack. We will assume we already have full access to any credentials we need. Why? Because we’ve already shown you how you can grab any credential you might need all the way up to the highest level of administrative rights. The question you now need to ask is this: what can you do with those r...
