Browsed by
Author: Jeff Warren

Jeff Warren is STEALTHbits’ Vice President of Product Management. Jeff has held multiple roles within the Product Management group since joining the organization in 2010, initially building STEALTHbits’ SharePoint management offerings before shifting focus to the organization’s Data Access Governance solution portfolio as a whole. Before joining STEALTHbits, Jeff was a Software Engineer at Wall Street Network, a solutions provider specializing in GIS software and custom SharePoint development. With deep knowledge and experience in technology, product and project management, Jeff and his teams are responsible for designing and delivering STEALTHbits’ high quality, innovative solutions. Jeff holds a Bachelor of Science degree in Information Systems from the University of Delaware.
Exploiting Weak Active Directory Permissions with PowerSploit

Exploiting Weak Active Directory Permissions with PowerSploit

AD Permissions Attack #1: Exploiting Weak Permissions with PowerSploit In the introductory post, we outlined some reasons why attackers may target AD permissions. In this post, we are going to look at specific ways to search for weak permissions. This attack can be perpetrated without any privileges in an environment, so finding these weaknesses is very quick and effective. We will be using a PowerShell framework PowerSploit to perform the reconnaissance and demonstrate just how easy it is to find…

Read More Read More

4 Attacks that Exploit Active Directory Permissions and How to Protect Against Them

4 Attacks that Exploit Active Directory Permissions and How to Protect Against Them

Introduction: Active Directory Permissions Attacks In a previous blog series, we have written about attacks against Active Directory (AD) administrative rights and service accounts. These topics have led to several discussions with coworkers and employees about other ways to penetrate and attack Active Directory environments. Throughout these conversations, one topic was repeatedly overlooked: Active Directory permissions. Most approaches to elevating privileges within AD focus on administrative rights, stealing credentials and passwords, and performing pass-the-hash attacks. These are all very effective…

Read More Read More

Extracting Service Account Passwords with Kerberoasting

Extracting Service Account Passwords with Kerberoasting

Service Account Attack #2: Extracting Service Account Passwords In our first post, we explored how an attacker can perform reconnaissance to discover service accounts within an Active Directory (AD) domain. Now that we know how to find service accounts, let’s look at how an attacker can compromise those accounts and use them to exploit their privileges. In this post, we will explore one such method for doing that: Kerberoasting. This method is especially scary because it requires no elevated privileges…

Read More Read More

Discovering Service Accounts without Using Privileges

Discovering Service Accounts without Using Privileges

Service Account Attack #1: LDAP Reconnaissance with PowerShell In the introductory post, we outlined what a service account is and how these accounts relate to other privileged accounts within an Active Directory environment. There could be many reasons to discover where service accounts are and how they are being used. In this post, we will approach this discovery through the mindset of an attacker. Attackers will often target service accounts because they hold elevated privileges and do not have strict…

Read More Read More

4 Service Account Attacks and How to Protect Against Them

4 Service Account Attacks and How to Protect Against Them

Introduction: Service Account Attacks Whether you realize it or not, service accounts represent a major risk to your data security. I’ve had many customers inquire about how to protect service accounts within their Active Directory environments. Through these conversations, I’ve learned that organizations want to understand the fundamentals of service accounts, and how attackers can exploit these accounts, so they can prevent them from being compromised. What is a Service Account? A service account is a “non-human” account that is…

Read More Read More

Performing Pass-the-Hash Attacks with Mimikatz

Performing Pass-the-Hash Attacks with Mimikatz

Attack #4: Pass-the-Hash with Mimikatz In my previous post, we learned how to extract password hashes for all domain accounts from the Ntds.dit file. In this post, we’re going to see what you can do with those hashes once you have them. Mimikatz has become the standard tool for extracting passwords and hashes from memory, performing pass-the-hash attacks and creating domain persistence through Golden Tickets. Mimikatz can be executed in a variety of ways to evade detection, including entirely in…

Read More Read More