Netwrix Enterprise Auditor (formerly StealthAUDIT) 11.6 has been released LEARN MORE

Stealthbits

Posts by Jeff Warren

Home >Jeff Warren
Jeff Warren is Stealthbits’ General Manager of Products. Jeff has held multiple roles within the Technical Product Management group since joining the organization in 2010, initially building Stealthbits’ SharePoint management offerings before shifting focus to the organization’s Data Access Governance solution portfolio as a whole. Before joining Stealthbits - now part of Netwrix, Jeff was a Software Engineer at Wall Street Network, a solutions provider specializing in GIS software and custom SharePoint development. With deep knowledge and experience in technology, product and project management, Jeff and his teams are responsible for designing and delivering Stealthbits’ high quality, innovative solutions. Jeff holds a Bachelor of Science degree in Information Systems from the University of Delaware.

Stealing Credentials with a Security Support Provider (SSP)

| Jeff Warren | Active Directory Attacks | Leave a Comment

Introduction: SSP Attacks Mimikatz provides attackers several different ways to store credentials from memory and extract them from Active Directory. One of the more interesting tools provided is the MemSSP command, which will register a Security Support Provider (SSP) on a Windows host. Once registered, this SSP will log all passwords in clear text for […]

4 Attacks that Exploit Active Directory Permissions and How to Protect Against Them

| Jeff Warren | Active Directory Attacks | Leave a Comment

Introduction: Active Directory Permissions Attacks In a previous blog series, we have written about attacks against Active Directory (AD) administrative rights and service accounts. These topics have led to several discussions with coworkers and employees about other ways to penetrate and attack Active Directory environments. Throughout these conversations, one topic was repeatedly overlooked: Active Directory […]

Performing Pass-the-Hash Attacks with Mimikatz

| Jeff Warren | Active Directory Attacks | Leave a Comment

Attack #4: Pass-the-Hash with Mimikatz In my previous post, we learned how to extract password hashes for all domain accounts from the Ntds.dit file. In this post, we’re going to see what you can do with those hashes once you have them. Mimikatz has become the standard tool for extracting passwords and hashes from memory, […]

Extracting Password Hashes from the Ntds.dit File

| Jeff Warren | Active Directory Attacks | Leave a Comment

AD Attack #3 – Ntds.dit Extraction With so much attention paid to detecting credential-based attacks such as Pass-the-Hash (PtH) and Pass-the-Ticket (PtT), other more serious and effective attacks are often overlooked. One such attack is focused on exfiltrating the Ntds.dit file from Active Directory Domain Controllers. Let’s take a look at what this threat entails and how […]

Performing Domain Reconnaissance Using PowerShell

| Jeff Warren | Active Directory Attacks | Leave a Comment

AD Attack #1 – LDAP Reconnaissance The first thing any attacker will do once he gains a foothold within an Active Directory domain is to try to elevate his access. It is surprisingly easy to perform domain reconnaissance using PowerShell, and often without any elevated privileges required. In this post, we will cover a few […]

How SharePoint Permission Levels Work

| Jeff Warren | Cloud Security | Leave a Comment

SharePoint is an extremely useful collaboration and document management platform. Whether you are using SharePoint for hosting wiki articles, running internal project sites or exposing SharePoint to customers and partners for collaboration and document sharing, one of the most important areas to familiarize yourself with is how permission levels work within SharePoint. Improper use of […]

  • 1
  • 2

Subscribe

DON'T MISS A POST. SUBSCRIBE TO THE BLOG!

© 2022 Stealthbits Technologies, Inc.

Privacy Policy

Start a Free Stealthbits Trial!

No risk. No obligation.

FREE TRIAL