From Botnets to DACL Backdoors: A Journey through Modern Active Directory Attacks – Part I

Active Directory DACL Backdoors

In my last blog post, we examined Active Directory (AD) backdoors and how to defend against them. The botnets’ primary communication mechanism relied on abusing AD attributes. Once established, these botnets allow attackers to communicate across internal security controls, exfiltrate data—and most importantly—gain a foothold that is very difficult to detect and remove. All accomplished without one line of malicious code. Now that’s a real life advanced persistent threat…only it isn’t as advanced as nation-state style…

STEALTHbits ProTip: Expanding the Local Administrators Report

The Local Administrators Report is a great report available to users of our Systems Governance Solution set, but focusing solely on Local Admins may not be the complete picture. The Local Administrators job (SG_LocalAdmins) uses our USERSGROUPS Data Collector. While scoped by default to only look for that local group’s members, the Data Collector can be set to bring back other local groups as well. This can simply be done as follows: Within the Jobs tree navigate to System Governance >…
