Using Docker and Windows Subsystem for Linux to Learn and Experiment with New Information Security Tools

Over the years when presenting at conferences, user groups, and customer presentations I have often talked about some of the “new ways” to help learn tools and techniques in information security. One of the resources I specifically recommend is using Docker containers and Windows Subsystem for Linux to quickly experiment with tooling without the need to manage a virtual machine or other infrastructure. I have often been asked to expand upon this topic so I wanted to document some of…

Lateral Movement Through Pass-the-Cache

Lateral movement techniques like Pass-the-Hash, Pass-the-Ticket, and Overpass-the-Hash provide attackers with ways to take stolen or compromised credentials and spread out across a network to achieve privilege escalation. I recently found myself testing some Active Directory attacks from a Kali Linux host, and needed a way to use compromised credentials from this Linux system on my Windows boxes. Luckily, this is something supported by Mimikatz and surprisingly easy to perform. This technique, known as Pass-the-Cache, allows an attacker to take…

Resource-Based Constrained Delegation Abuse

Abusing RBCD and MachineAccountQuota Delegation is an area that is confusing and complicated for most Active Directory administrators. Unconstrained delegation, constrained delegation, and even resource-based constrained delegation all play a role in not only your Active Directory infrastructure, but also its security posture. For example, unconstrained delegation is very insecure, and can be abused relatively easily. If you’re unfamiliar with the different types of delegation and how they work, I suggest reading harmj0y’s Another Word on Delegation as he’s done…

Open Access in SharePoint – What it is And How to Find it

Within SharePoint, there are a few groups which can give ‘Open Access’ to a given resource that can leave the environment vulnerable depending on where these groups exist. With open access comes the increased risk of data being ‘lost’ and with data loss comes risks to sales and revenue, lawsuits, IP theft, and subsequently – compliance breaches. What is Open Access? An instance of open access exists whenever one of the large groups described below has access to a resource….

Announcing StealthAUDIT 9.0

StealthAUDIT 9.0 – Something for Everyone. If you know StealthAUDIT, you know it’s one of the most versatile technologies around for addressing a broad range of data collection and analysis, reporting, and governance needs. StealthAUDIT appeals to the requirements of multiple audiences within an organization, simultaneously facilitating successful outcomes for security, compliance, and operationally focused teams. While its usefulness to so many is one of the things that makes StealthAUDIT so unique amidst a landscape of point products, we’d argue that its versatility is actually a necessity for any organization looking…

Announcing StealthDEFEND 2.1

When we released StealthDEFEND 2.0 earlier this year, we knew we were breaking new ground in the Active Directory security space. We had delivered a solution purpose-built to detect the most advanced attacks against Active Directory in real-time, drastically reducing time to detection while increasing the ability for organizations to respond to these attacks quickly and efficiently. The response (pun intended) has been tremendous. In version 2.1, we’re taking StealthDEFEND to another level with a plethora of usability enhancements, threat model refinements, and general improvements. Most interestingly, however, is what we’ve done to help you become more proactive in the fight against Active Directory…

What is a Global Catalog Server?

The global catalog is a feature of Active Directory (“AD”) domain controllers that allows for a domain controller to provide information on any object in the forest, regardless of whether the object is a member of the domain controller’s domain. Domain controllers with the global catalog feature enabled are referred to as global catalog servers and can perform several functions that are especially important in a multi-domain forest environment: Authentication. During an interactive domain logon, a domain controller will process…

15 Cases for File Activity Monitoring: Part 1

For many organizations, monitoring file activity is challenging due to the configuration complexity and performance concerns associated with native auditing. As a result, administrators do not have a way to answer some of their most critical questions. In this three-part blog series, we’ll discuss 15 real-life use cases where STEALTHbits file activity monitoring solutions can play a key role in solving critical change and access issues without the use of native logs. Case 1: Pre-Departure Data Exfiltration This first case…

What is Data Classification?

The concept of Data Classification as a whole can become confusing, generally due to the term not being standardized in the space. This term usually evokes one of two thoughts: determining what type of information is in a piece of data or marking/tagging a piece of data based on content determination. Both of these are important in the overall data governance plan within an organization for different reasons. Data Classification as Identification Frequently data classification is along the lines of…

How to Secure SharePoint

SharePoint continues to remain one of the most popular content collaboration platforms (CCP) at the enterprise-level, continuing to grow in adoption year over year. This adoption shows not only growth in the expected area of SharePoint Online, but continued expansion in SharePoint On-Premises as well. As SharePoint continues to grow, one of the largest areas of concern is around the security of the platform. A well designed, maintained, and governed SharePoint farm is usually a very safe environment, but often…
