Privilege Escalation with DCShadow

So far we’ve covered how DCShadow works as well as ways this can enable attackers to create persistence within a domain without detection once they’ve obtained admin credentials.  DCShadow can enable attack scenarios beyond just creating persistence, and can actually be used to elevate access for an attacker. How can a Domain Admin elevate their access even higher? By obtaining admin rights in other forests. Leveraging SID History, an attacker can add administrative SIDs to their user account and obtain…

Auditing and Reporting for Box Like Never Before

Something I say in customer meetings a lot is that unstructured data isn’t glamourous. In a world where people are talking about machine learning, IoT, the latest vulnerabilities and exploits, and other cutting-edge stuff, files and folders don’t get a lot of air time. If you’re reading this blog, though, you know these uncool bits of data are potentially dangerous and need attention. That leads to an interesting effect in meetings. Often prospects and customers will ask us what…

Creating Persistence with DCShadow

Now that we understand the basics of the DCShadow feature, let’s look at some ways in which attackers can leverage DCShadow in a real-world attack scenario. As we learned, DCShadow requires elevated rights such as Domain Admin, so you can assume an attacker leveraging this already has complete control of your environment. So why would an attacker want to or need to use DCShadow? One real-world scenario would be for an attacker to create persistence within the domain…

ProTip: StealthAUDIT Data Views for SQL Sensitive Criteria Matches

With our focus on SQL Attacks this month, I naturally think about what data is being attacked as well.  StealthAUDIT’s SQL Solution Set can show us a lot of valuable information but collects even more than what immediately shows. StealthAUDIT Data Views are my go-to tool when I want advanced manipulation of data for an export.  Some of these are immediately available, and others must be “turned on” for viewing in the job tree. First, an analysis must be configured;…

DCShadow: Attacking Active Directory with Rogue DCs

If you’re familiar with Mimikatz, you’ve already seen some of the ways it exposes weaknesses in Active Directory security (if you’re not, read up!). Recently, a new feature titled DCShadow was added to Mimikatz and was presented by its authors Benjamin Delpy and Vincent Le Toux at the BlueHat IL 2018 conference. DCShadow enables Mimikatz to make changes to Active Directory by simulating a domain controller. We’ve seen this in the past from Mimikatz, with the DCSync feature, which allows you…

3 Zero-Cost Tactics That Make it Difficult for Attackers to Move Laterally

Trying to Prevent Lateral Movement on a Budget?

They say the best things in life are free. And whether you believe it or not, it’s got to be true at least every once in a while, right? Well, when it comes to securing your credentials and data, there are in fact a number of things you can do that are not only highly effective, but cost conscious. Not to oversimplify some otherwise complex concepts and subjects, there are three things…

A Tale of One City – Data Privacy Day

Data Privacy Day is upon us, and for that matter so are EU GDPR and NYCRR 500. What do these all have in common? Well, privacy. Privacy by design really should be more than just the mantra of GDPR; it needs to become the mantra of everyone handling any type of customer information. I do have hope that it will. How do you achieve privacy by design? EU GDPR along with NYCRR 500 are both privacy-focused regulations and they both…

Gain System Access and Persistence with SQL Native Attacks – SQL Attacks

What to Do with Your New SQL Kingdom

In the last posts, we explored ways to gain access to MS SQL and to extract the data it contains. The fun thing with MS SQL, though, is that that is just the start. Every application has a certain amount of access to other resources. Databases generally have a lot of low-level access to the system since their whole purpose in life is to optimize access to data. That means augmenting some basic IO…

STEALTHbits ProTip: Advanced StealthINTERCEPT Alerting

With each iteration, StealthINTERCEPT shows more value to our customers. StealthINTERCEPT 5.0’s AD Security focused data means alerting will become even more essential, and those alerts should contain what’s important to you. Let’s take a moment to learn how your organization can configure and benefit from StealthINTERCEPT 5.0 Notifications. First, navigate to the Alerts section found under Configuration > Alerts. Once in the System Alerts section, click on the Email tab and toggle the slider in the top…

Market Trends: Announcing StealthINTERCEPT 5.0 General Availability – With Enterprise Password Enforcer & LSASS Guardian™

Transforming Active Directory Security

Five years ago we introduced the StealthINTERCEPT product line to address the growing requirement for a comprehensive Active Directory change and access monitoring solution. We know that Active Directory is safest when it is clean, properly configured, closely monitored, and tightly controlled – that is exactly what StealthINTERCEPT has been successfully doing for its users. The security implications of a well-maintained and monitored AD environment have significantly increased in the years since we first released…
