Browsed by
Tag: Bloodhound

How Attackers are Stealing Your Credentials with Mimikatz

How Attackers are Stealing Your Credentials with Mimikatz

Stealing Credentials with Mimikatz Mimikatz is an open-source tool built to gather and exploit Windows credentials. Since its introduction in 2011 by author Benjamin Delpy, the attacks that Mimikatz is capable of have continued to grow. Also, the ways in which Mimikatz can be packaged and deployed have become even more creative and difficult to detect by security professionals. This has led to Mimikatz recently being tied to some of the most prevalent cyber attacks such as the Petya ransomware….

Read More Read More

Manipulating User Passwords with Mimikatz

Manipulating User Passwords with Mimikatz

Introduction: Manipulating User Passwords with Mimikatz Mimikatz now supports the ability to manipulate user passwords with new commands: SetNTLM and ChangeNTLM. These commands give attackers a new way to change user passwords and escalate privileges within Active Directory. Let’s take a look at these NTLM commands and what they do. ChangeNTLM This performs a password change event. To use this command, you must know the old password in order to set a new one. One deviation is that this command…

Read More Read More

Exploiting Weak Active Directory Permissions with PowerSploit

Exploiting Weak Active Directory Permissions with PowerSploit

AD Permissions Attack #1: Exploiting Weak Permissions with PowerSploit In the introductory post, we outlined some reasons why attackers may target AD permissions. In this post, we are going to look at specific ways to search for weak permissions. This attack can be perpetrated without any privileges in an environment, so finding these weaknesses is very quick and effective. We will be using a PowerShell framework PowerSploit to perform the reconnaissance and demonstrate just how easy it is to find…

Read More Read More

4 Attacks that Exploit Active Directory Permissions and How to Protect Against Them

4 Attacks that Exploit Active Directory Permissions and How to Protect Against Them

Introduction: Active Directory Permissions Attacks In a previous blog series, we have written about attacks against Active Directory (AD) administrative rights and service accounts. These topics have led to several discussions with coworkers and employees about other ways to penetrate and attack Active Directory environments. Throughout these conversations, one topic was repeatedly overlooked: Active Directory permissions. Most approaches to elevating privileges within AD focus on administrative rights, stealing credentials and passwords, and performing pass-the-hash attacks. These are all very effective…

Read More Read More