Setup, Configuration, and Task Execution with Covenant: The Complete Guide
In this blog post, we are taking a deeper dive into Covenant. Covenant is one of the latest and greatest Command and Control (C2) Post Exploitation Frameworks which I covered in In my previous blog post. In that post, we discussed Covenant on a high level but now let’s go through the process of configuring […]
Using Docker and Windows Subsystem for Linux to Learn and Experiment with New Information Security Tools
Over the years when presenting at conferences, user groups, and customer presentations I have often talked about some of the “new ways” to help learn tools and techniques in information security. One of the resources I specifically recommend is using Docker containers and Windows Subsystem for Linux to quickly experiment with tooling without the need […]
Honey Token Threat Detection with StealthDEFEND
In this post we will discuss the concept of Honey Pots, and how StealthDEFEND utilizes Honey Tokens in its threat detection to provide an additional line of defense against attackers. Introduction to Honey Pots Wikipedia defines “Honey Pots” as a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use […]
What is DCSync? An Introduction
In this blog post, we’ll be talking about the DCSync attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCSync was the topic of previous STEALTHbits Blog post, so we’ll start this post with a review of DCSync and then cover what we can do about this attack with StealthDEFEND. What is […]
How to Defend against AdminSDHolder Attacks
In this blog post, we’ll be discussing the topic of the AdminSDHolder object in Active Directory and how it can be utilized in Active Directory attacks. Finally, we will discuss how to use StealthDEFEND to detect and respond to this type of attack. Introduction to the “AdminSDHolder” The AdminSDHolder is an Active Directory object that […]
LDAP Reconnaissance – Defend with StealthDEFEND
Editor’s note: This is the second blog post in a series of blogs for using StealthDEFEND to defend against attacks. Read the first blog “Using StealthDEFEND to Defend Against Password Spraying”. In this blog post, we’ll be talking about LDAP Reconnaissance and how we can use StealthDEFEND to defend ourselves against this type of attack. […]
Using StealthDEFEND to Defend against Password Spraying
In this blog post, we’ll be talking about Password Spraying and how we can use StealthDEFEND to defend ourselves against this type of attack. Introduction to Password Spraying Password Spraying is a technique attackers leverage to guess the passwords of accounts by trying a small number of highly common passwords against a large number of accounts while also […]
