Browsed by
Author: Joe Dibley

Joe is a Security Researcher at STEALTHbits Technologies. An expert in Active Directory, Windows, and a wide variety of enterprise software platforms and technologies, Joe researches new security risks, complex attack techniques, and associated mitigations and detections.
Cleaning Up Unused Service Accounts – Part 2: Detecting Common Locations Where Service Accounts Are Used


In this post, I will continue the series on cleaning up service accounts in Active Directory by detailing the common locations in a Windows OS where service accounts can be configured, and then showing how to collect these using PowerShell, so that the data is easy to collate later and can support your company's service account documentation. Windows Services: One of the most common…


Cleaning Up Unused Service Accounts Series – Part 1: Overview of the Process


What is a Service Account? In this blog post, I won’t go too much into the details of service accounts, but will class a service account as a user, Managed Service Account or Group Managed Service Account that is used to run a process, whether that is a Service, Task or IIS App Pool, or used inside of an application. The Problem? A lot of organisations will have hundreds and maybe even thousands of service accounts that may be in…


Making Internal Reconnaissance Harder Using NetCease and SAMRi10


What is Internal Reconnaissance? Internal Reconnaissance is one of the first steps an attacker will take once they have compromised a user or computer on the internal network. This usually involves using tools or scripts to enumerate and collect information to help them identify where they should try and compromise next on the internal network to get what they need. An example of a tool that is commonly used for internal reconnaissance is BloodHound which can map out paths for…


Using CTFTOOL.exe to escalate privileges by leveraging Text Services Framework; and mitigation processes and steps


Overview In this post, I will be looking at a new exploit that leverages a weakness in Microsoft Windows Text Services Framework to launch a child process that allows for the escalation of privileges. I will give a brief overview of what the Text Services Framework service does, what the exploit is, and how it could be used. Then, I will go into more detail about how to run the exploit and different methods that can be used for detection…

