Author: Lee Berg

Lee is a Technical Product Manager at STEALTHbits Technologies. When Lee is not building cybersecurity software in his day job, he is active in managing and presenting at user groups, meetups, and conferences around the world. Lee is focused on automation, security, monitoring, and IoT.
Setup, Configuration, and Task Execution with Covenant: The Complete Guide

In this blog post, we are taking a deeper dive into Covenant. Covenant is one of the latest and greatest Command and Control (C2) post-exploitation frameworks, which I covered in my previous blog post. In that post, we discussed Covenant at a high level; now let’s go through the process of configuring and using Covenant to execute payloads on compromised hosts. NOTE: This post demonstrates the capabilities of Covenant as of mid-September 2019. Getting Setup and Starting Covenant…

What is a DCShadow Attack and How to Defend Against it

In this blog post, we’ll be covering the DCShadow attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCShadow was the topic of a previous STEALTHbits blog post, so in this post we’ll start with a review of DCShadow and then focus on how we can DETECT and RESPOND to this attack with StealthDEFEND. Introduction to DCShadow DCShadow is another late-stage kill chain attack that allows an attacker with privileged credentials to register a “rogue” domain controller in order to PUSH changes to a…

Next-Gen Open Source C2 Frameworks in a Post PSEmpire World: Covenant

Rest in Peace PowerShell Empire PowerShell Empire (PSEmpire) is a Command and Control (C2) post-exploitation framework that has been discussed in a variety of posts on the STEALTHbits Blog. What is PSEmpire? PSEmpire is a great tool with a wide variety of uses in the information security community, including learning, red teaming, and even more nefarious uses such as by the Ryuk ransomware. Sadly, it has been officially announced that PSEmpire is no longer being supported and development has stopped…

Using Docker and Windows Subsystem for Linux to Learn and Experiment with New Information Security Tools

Over the years, when presenting at conferences, user groups, and customer presentations, I have often talked about some of the “new ways” to help learn tools and techniques in information security. One of the resources I specifically recommend is using Docker containers and Windows Subsystem for Linux to quickly experiment with tooling without the need to manage a virtual machine or other infrastructure. I have often been asked to expand upon this topic, so I wanted to document some of…

Honey Token Threat Detection with StealthDEFEND

In this post we will discuss the concept of honey pots, and how StealthDEFEND utilizes honey tokens in its threat detection to provide an additional line of defense against attackers. Introduction to Honey Pots Wikipedia defines a “honey pot” as a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Honey pots are not a new concept in the realm of information security. Implementations of honey pots in the form of servers, databases,…

What is DCSync? An Introduction

In this blog post, we’ll be talking about the DCSync attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCSync was the topic of a previous STEALTHbits blog post, so we’ll start this post with a review of DCSync and then cover what we can do about this attack with StealthDEFEND. What is DCSync? DCSync is a late-stage kill chain attack that allows an attacker to simulate the behavior of a Domain Controller (DC) in order to retrieve password data…

How to Defend against AdminSDHolder Attacks

In this blog post, we’ll be discussing the AdminSDHolder object in Active Directory and how it can be utilized in Active Directory attacks. Finally, we will discuss how to use StealthDEFEND to detect and respond to this type of attack. Introduction to the “AdminSDHolder” AdminSDHolder is an Active Directory object that acts as a security descriptor template for protected accounts and groups in an Active Directory domain. A security descriptor…

LDAP Reconnaissance – Defend with StealthDEFEND

Editor’s note: This is the second blog post in a series on using StealthDEFEND to defend against attacks. Read the first blog, “Using StealthDEFEND to Defend Against Password Spraying”. In this blog post, we’ll be talking about LDAP reconnaissance and how we can use StealthDEFEND to defend against this type of attack. Introduction to LDAP Reconnaissance When an attacker initially compromises a system on a network, they may have little to no privileges within the domain and…

Using StealthDEFEND to Defend against Password Spraying

In this blog post, we’ll be talking about password spraying and how we can use StealthDEFEND to defend against this type of attack. Introduction to Password Spraying Password spraying is a technique attackers leverage to guess account passwords by trying a small number of highly common passwords against a large number of accounts while staying below an organization’s defined lockout threshold. This lets an attacker compromise accounts without any elevated privileges while masking themselves from detection by blending…
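The shape described above (few guesses per account, many accounts, each account kept under the lockout threshold) is what a detection should key on, rather than on failure volume against a single account. The following is an added example, not code from the STEALTHbits post or from StealthDEFEND: it runs a sliding-window heuristic over constructed, simplified logon-failure records (timestamp, source IP, target account) and flags a source as spraying when it fails against at least `min_accounts` distinct accounts inside the window while staying below `lockout_threshold` failures on each. The thresholds and the record shape are assumptions chosen for illustration.

```python
"""
Added example: detect a password-spraying pattern in logon-failure events.

Heuristic: one source, many distinct target accounts, each account seeing
fewer failures than the lockout threshold within a time window. A classic
brute force (many failures against ONE account) has the opposite shape and
is intentionally not flagged here.

The events below are constructed sample data in a simplified shape; they are
not real Windows 4625 events.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class LogonFailure:
    when: datetime
    source_ip: str
    account: str


def _t(minute: int) -> datetime:
    """Helper to build timestamps a few minutes apart (constructed data)."""
    return datetime(2019, 9, 16, 9, 0) + timedelta(minutes=minute)


# Constructed sample: 10.0.0.5 sprays six accounts with two guesses each
# (under an assumed lockout threshold of 5); 10.0.0.9 hammers a single
# service account twelve times, which is brute force, not spraying.
SAMPLE_EVENTS: List[LogonFailure] = [
    LogonFailure(_t(m), "10.0.0.5", acct)
    for m, acct in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"] * 2)
] + [LogonFailure(_t(m), "10.0.0.9", "svc_backup") for m in range(12)]


def detect_spray(
    events: List[LogonFailure],
    window: timedelta = timedelta(minutes=30),
    min_accounts: int = 5,
    lockout_threshold: int = 5,
) -> Dict[str, List[str]]:
    """Return {source_ip: sorted sprayed accounts} for sources matching the
    spray shape. Thresholds are assumed values for this example."""
    by_source: Dict[str, List[LogonFailure]] = defaultdict(list)
    for e in events:
        by_source[e.source_ip].append(e)

    findings: Dict[str, List[str]] = {}
    for ip, evs in by_source.items():
        evs.sort(key=lambda e: e.when)
        start = 0
        # Slide a time window over this source's failures, oldest to newest.
        for end in range(len(evs)):
            while evs[end].when - evs[start].when > window:
                start += 1
            per_account = Counter(e.account for e in evs[start : end + 1])
            # Accounts touched but kept below the lockout threshold.
            sprayed = sorted(a for a, n in per_account.items() if n < lockout_threshold)
            # Keep the widest set of accounts seen in any single window.
            if len(sprayed) >= min_accounts and len(sprayed) > len(findings.get(ip, [])):
                findings[ip] = sprayed
    return findings


if __name__ == "__main__":
    for ip, accounts in detect_spray(SAMPLE_EVENTS).items():
        print(f"possible password spray from {ip}: {len(accounts)} accounts -> {accounts}")
```

Tuning note: `lockout_threshold` should mirror the domain's actual account lockout policy, and `window` should be at least as long as the lockout observation window, otherwise an attacker pacing guesses just outside the window slips past the check.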
