Extracting Password Hashes from the Ntds.dit File

Extracting Password Hashes from the Ntds.dit File

AD Attack #3 – Ntds.dit Extraction With so much attention paid to detecting credential-based attacks such as Pass-the-Hash (PtH) and Pass-the-Ticket (PtT), other more serious and effective attacks are often overlooked. One such attack is focused on exfiltrating the Ntds.dit file from Active Directory Domain Controllers. Let’s take a look at what this threat entails and how it can be performed. Then we can review some mitigating controls to be sure you are protecting your own environment from such attacks. What is the…

Read More Read More

Attack Mapping with BloodHound

Attack Mapping with BloodHound

AD Attack #2 – Local Admin Mapping Once an attacker has established a foothold inside your domain, their primary objective is to compromise their target as quickly as possible without detection. Whether the target is sensitive data stored on a file server or compromising a Domain Admin account, the attacker must first formulate a plan of attack. This often involves strategic lateral moves throughout the network, slowly increasing privileges at each stop. BloodHound is a web application that discovers and visualizes…

Read More Read More

Market Trends: Preparing Now – EU General Data Protection Regulation (GDPR)

Market Trends: Preparing Now – EU General Data Protection Regulation (GDPR)

At the RSA Conference 2017 in San Francisco, CA we were able to survey more than 300 security professionals. One of the survey questions was, “Is your organization preparing for the EU General Data Protection Regulation (GDPR)?” 67% of respondents said that their organizations were preparing. Regulatory Compliance Standards Regulatory compliance standards such as PCI-DSS, HIPAA, and SOX are simply meant as a baseline for security organizations. Unfortunately, they have set the groundwork for some organizations to partake in compliance-based…

Read More Read More

Configure Criteria to Meet Compliance Standards

Configure Criteria to Meet Compliance Standards

With the EU General Data Protection Regulation (GDPR) looming, it is important to understand how to configure groups of criteria to the compliance standards your organization is concerned about most. StealthAUDIT’s Sensitive Data Discovery allows you to identify file content that matches your set criteria. This can be done for keywords or regular expressions, as well as groups of any of those criteria sets. The configuration for this is found within the Criteria Editor. To get there navigate the Job…

Read More Read More

Performing Domain Reconnaissance Using PowerShell

Performing Domain Reconnaissance Using PowerShell

AD Attack #1 – LDAP Reconnaissance The first thing any attacker will do once he gains a foothold within an Active Directory domain is to try to elevate his access. It is surprisingly easy to perform domain reconnaissance using PowerShell, and often without any elevated privileges required. In this post, we will cover a few of the different ways that PowerShell can be used by attackers to map out your environment and chose their targets. The Basics of Reconnaissance using…

Read More Read More

4 AD Attacks and How to Protect Against Them

4 AD Attacks and How to Protect Against Them

I was speaking with an Active Directory Security Engineer from a large, global pharmaceutical company recently and asked him the most classic question in the Product Management handbook: “What keeps you up at night?” So cliché (I know), but sometimes instead of an eye roll, you get a real gem, which is exactly what happened. He said, “We’ve got a lot of good protections in place and run a pretty tight ship, but the worst thing that I think could…

Read More Read More

10 Security Risks Almost Everyone Has

10 Security Risks Almost Everyone Has

If you’re responsible for the management and security of an Active Directory (AD) or Windows infrastructure, you already know you’ve got a tough job.  And with thousands of configurations and potential conditions to worry about across dozens of AD and Operating System (OS) versions, where do you even begin an effort to address your most at-risk conditions?  What are they to begin with?  If you’re at a loss, I’d suggest you start right here… Below I’ve listed 10 checks you…

Read More Read More

Market Trends: AD Security Assessment and Rollback and Recovery

Market Trends: AD Security Assessment and Rollback and Recovery

AD Security Assessment Active Directory security is a hot topic. Some security professionals have made their living by uncovering vulnerabilities in directory services. Take for instance, Sean Metcalf at ADSecurity.org. He has an entire blog focused on Active Directory security. What tends to be lacking, however, is an easy-to-follow Security Assessment that highlights critical areas of concern in a Microsoft Active Directory and Windows environment. Most organizations aren’t aware they even have a problem—as issues in their directory and server…

Read More Read More

STEALTHbits ProTip: Model Access Changes with Confidence

STEALTHbits ProTip: Model Access Changes with Confidence

Modeling access changes before enabling them allows you to clean up access with confidence. The Access Information Center makes this simpler than ever with easy-to-understand visuals and the ability to commit these changes on the spot. First, we’ll look at the Effective Access report on my PreSales Engineering Share. As you can see, Chris still has access although his account is disabled. In this situation, I want to clean up access to this one resource without impacting any other intended…

Read More Read More

Top 10 Data Security Sessions at the RSA Conference 2017

Top 10 Data Security Sessions at the RSA Conference 2017

It is that time of year again, time to get our bags packed and head to San Francisco for the RSA Conference. This year’s theme is the Power of Opportunity–which is a fitting theme for most security companies as they move toward partnerships that benefit end users. As a cybersecurity company that focuses on credentials and data, we thought it would be helpful to select a top 10 list of data security sessions for you to attend while at RSA….

Read More Read More