Are Weak Passwords Putting You At Risk?

Credentials and data: two common denominators that are present in almost every breach scenario. Unfortunately for all of us, attackers are well aware that you can’t have one without the other. Getting to the mother lode is simple, really. Step 1: Crack the password. Step 2: Obtain credentials. And that’s why an organization’s password requirements and policies should always be under intense scrutiny. But herein lies a problem. What if an organization has “complex” criteria in place, but the output…

Lateral Movement with CrackMapExec

In the previous post, we explored how attackers can use Mimikatz to automatically escalate privileges to Domain Admins using Empire and DeathStar. In this post, I will take a look at another open-source tool that leverages Mimikatz to harvest credentials and move laterally through an Active Directory environment: CrackMapExec. Self-described as a “swiss army knife for pentesting networks”, CrackMapExec is a Python-based utility that is geared towards evaluating and exploiting weaknesses in Active Directory security. This approach involves gathering credentials…
