NTLM Archives | The Insider Threat Security Blog

Plain Text Password Attacks in Active Directory

Compromising Plain Text Passwords in Active Directory

October 31, 2017 Jeff Warren Comments 0 Comment

A lot of attention gets paid to preventing pass-the-hash and pass-the-ticket attacks, but imagine what an attacker could do with the actual passwords of privileged user accounts rather than just the hashes. Pass-the-hash gives attackers access to what can be performed from a command line, but plain text passwords give an attacker unlimited access to an account. This may include access to web applications, VPN, and email. If you need a primer on the difference between plain text passwords and…

The Active Directory Attacks Training Series with Randy Franklin Smith – Insider Threat Podcast #7

September 15, 2017 Jonathan Sander Comments 0 Comment

In our seventh edition of the Insider Threat Podcast, once again we spoke with our resident white hat hacker, Jeff Warren. We’ve just partnered with Randy Franklin Smith at Ultimate Windows Security to deliver some of Randy’s “real training for free” on detecting and mitigating Active Directory (AD) attacks from our ongoing blog series. I’ve worked with Randy for years and we have a good relationship, but Jeff and he have been having a lot of fun geeking out with…

Automating Mimikatz with Empire and DeathStar

July 18, 2017 Jeff Warren Comments 0 Comment

Automating Mimikatz Mimikatz is a very powerful post-exploitation tool on its own, allowing attackers to harvest credentials and move laterally through a compromised organization. However, there are also several limitations to what Mimikatz can do by itself: If you have compromised a machine but do not have Administrator rights, you can’t access any credentials If PowerShell protections are enabled, Mimikatz can be easily prevented Stealing credentials and figuring out where they work can be a long and arduous process This…