ProTip: LDAP Reconnaissance

The start of Active Directory attacks, like LDAP Reconnaissance, involves finding vulnerabilities on a network and grabbing “intel” about sensitive accounts like Domain, Enterprise, and Schema Admins. After an attacker initially compromises a system on a network, they will pretty much have no privileges in the domain. This leaves an attacker hungry for more, and with the way Active Directory is designed, they can query objects inside a directory pretty easily. LDAP queries are key in an attacker gaining this…

Commando VM: Introduction

Windows Offensive VM from Mandiant FireEye

What is Commando VM?

Commando VM is a Windows testing platform, created by Mandiant FireEye, meant for penetration testers who are more comfortable with Windows as an operating system. Commando VM is essentially the sister to Kali, a Linux testing platform widely used throughout the penetration testing community. These testing platforms are packaged with all the common tools and scripts that a tester would need to utilize during an engagement. Commando VM can be…

What is the California Consumer Privacy Act?

The EU GDPR took the world by storm, upping the compliance ‘ante’ and causing other countries to follow suit in protecting consumer privacy. While the United States hasn’t implemented any federal regulation of this sort, many states have begun to implement their own regulations at the state level. For California, the clock has already begun ticking with the California Consumer Privacy Act, a GDPR-like regulation with a compliance deadline of January 1st, 2020. The CCPA introduces sweeping legislation providing consumers…

Domain Persistence with Subauthentication Packages

A lot of my posts have covered Mimikatz and how it can be used to explore Active Directory and Windows security to learn how various attacks work.  Recently, the author of Mimikatz released a new feature which exposes a new attack surface that could be used to create persistence within AD.  This feature uses a subauthentication package to manipulate the Active Directory login process and escalate user privileges based on arbitrary conditions.  Basically, an attacker with access to your domain…

Implement Password Policy Compliance Monitoring and Leverage Important Enhancements to Active Directory and LDAP Auditing with StealthINTERCEPT 6.1

There are two functional areas of Active Directory management and security that every organization struggles with: one is changing their password policies and the other is identifying the source of LDAP traffic. StealthINTERCEPT efficiently addresses both of these challenges in Version 6.1.

Password Pain? How to Improve Your Password Policy

The NIST 800-63B password guidelines walk back almost two decades of guidance about how companies should approach password security. And the reality is, not every company is ready to embrace…

How to Restore Deleted Active Directory Objects

AD Installation Overview

As the primary authentication service in the majority of organizations worldwide, the health and operational integrity of Active Directory has a direct impact on the overall security of your organization. The capability to roll back and recover from changes to your Active Directory infrastructure, whether accidental or malicious, is an important and often overlooked aspect of your ability to maintain the security and performance of your network. When Active Directory objects are deleted, they are placed in the Deleted…

What is DCSync? An Introduction

In this blog post, we’ll be talking about the DCSync attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCSync was the topic of a previous STEALTHbits blog post, so we’ll start this post with a review of DCSync and then cover what we can do about this attack with StealthDEFEND.

What is DCSync?

DCSync is a late-stage kill-chain attack that allows an attacker to simulate the behavior of a Domain Controller (DC) in order to retrieve password…

ProTip: Create PII Retention Policies in O365 to Help Abide with GDPR Guidelines

Automate the Process of Disposing of Data

With GDPR now in effect, organizations are legally required to remove personal data once its purpose for processing has been met. In March of 2019 a Danish taxi company, Taxa 4×35, was fined $180,000 for failing to properly dispose of its customers’ personally identifiable information (PII). An audit found that the company was only removing the customer’s name from the documents, while other personally identifiable information such as telephone numbers and addresses remained…

GDPR – One Year Later…

The penalty for failure to comply with the General Data Protection Regulation (GDPR) is up to $22 million or 4% of annual global turnover (whichever is greater). By now most organizations around the globe know that, regardless of where they are based, this regulation affects them if they are doing business with EU citizens. Aside from having a responsibility to properly handle personal data, that amount of money can really hurt your business. For example, under the Data Protection Act of…

Database Security Best Practices – Simple & Worthwhile Concepts – Part IV

Database security is a hot topic these days, especially with all the new and seemingly never-ending security compliance requirements being imposed, such as GDPR. This means that organizations and their DBAs must step up their game when it comes to database security. Some DBAs may think these new requirements apply only to production, but depending on the situation DBAs may well need to apply stricter security across the board – including development and all test databases (e.g. unit testing, stress…
