Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities in Active Directory while being forced to click six times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-read, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Data Security

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

The cybersecurity landscape is constantly evolving. New security threats pop up daily, and threat actors can be an employee in the next cubicle or a blackhat hacker in a coffee shop in Bangkok. Additionally, cybersecurity has real-world implications that reach far beyond the boardroom — everything from Internet-connected teddy bears to the stability of world governments is impacted by cyber. As such, it’s more important than ever that everyone in your organization is up to…
Data Security

5 Basic Port Scanning Techniques

Imagine a long hallway with doors on either side. There are a total of 131,082 doors. The ones on the right of the hall are TCP, on the left UDP. Some of those doors are marked, but most of them aren’t. Some of them have locks or security cameras, but most of them don’t. This is what a cybercriminal might see when they look at one of your computers, except they can look through many…
Data Security

Ponemon and NetDiligence Remind Us Data Breach Costs Can Be Huuuge!

Those of us in the infosec community eagerly await the publication of Ponemon’s annual breach cost analysis in the early summer months. What would summer be without scrolling through the Ponemon analysis to learn about last year’s average incident costs, average per record costs, and detailed industry breakdowns? You can find all this in the current report. But then Ponemon did something astonishing. The poor souls who made it through my posts on breach costs…
Data Security

Are These 10 Cybersecurity Myths Putting Your Business at Risk?

Cybersecurity preparedness is one of the major obstacles facing businesses today. Despite the increased focus on making companies cybersafe, there are several common cybersecurity misconceptions that still pervade the business world. If you or your employees believe any of the myths below, you could be opening up your business to unknown risk. Check out the full list, or jump to our infographic for tips on how you can bust these myths and keep your business…
Data Security

Kerberos Authentication Explained

According to myth, Kerberos (you might know him as Cerberus) guards the Gates to the Underworld. He’s a big 3-headed dog with a snake for a tail and a really bad temper. In the modern world, MIT Computer Scientists used the name and visual of Kerberos for their computer network authentication protocol. Kerberos uses symmetric key cryptography and requires trusted third-party authorization to verify user identities. Since Kerberos requires 3 entities to authenticate and…
IT Pros

The Malware Hiding in Your Windows System32 Folder: More Rundll32 and LoL S...

When we left off last, I showed how it’s possible to run VBScript directly from mshta. I can play a similar trick with another LoL-ware binary, our old friend rundll32. Like mshta, rundll32 has the ability to evade the security protections in AppLocker. In other words, hackers can leverage a signed Windows binary to run handcrafted scriptware directly from a command line even though AppLocker officially prevents it. Evil. Odvar Moe, one of this blog’s…
Data Security

Kerberos Attack: Silver Ticket Edition

With a name like Silver Ticket, you might think it’s not as scary as its cousin the Golden Ticket – you’d be horribly mistaken. A Silver Ticket is just as nasty and invasive, and even stealthier. Important technical note: Kerberos uses authentication tokens, or tickets, to verify identities of Active Directory entities. This includes users, service accounts, domain admins, and computers. All of those entities have a password in Active Directory (AD), even though you might…
Data Security

The World in Data Breaches

Data security is one of the largest concerns impacting the world today. The increasing sophistication of cyber attacks coupled with the overall lack of cybersecurity has led to the greatest data breaches and the loss of data records on a global scale. However, not all data breaches are the same worldwide — various factors such as laws, population, and the size of data breaches influence the number of stolen records in each country. Data Breaches…
Data Security

What is DCOM (Distributed Component Object Model)?

DCOM is a programming construct that allows a computer to run programs over the network on a different computer as if the program was running locally. DCOM is an acronym that stands for Distributed Component Object Model. DCOM is a proprietary Microsoft software component that allows COM objects to communicate with each other over the network. (Network OLE was the precursor to DCOM if anyone remembers seeing that in Windows 3.1.) An extension of COM,…
Data Security

The Difference between a Computer Virus and Computer Worm

The terms virus and worm are often used interchangeably, but there are a few key differences in how they work. Both viruses and worms are a type of malware: a worm is a type of virus. What is a Computer Virus? Computer viruses are named after human viruses that spread from person to person. A computer virus is a program made of malicious code that can propagate itself from device to device. Like a cold that alters your…
Data Security

Endpoint Detection and Response (EDR): Everything You Need to Know

Endpoints are a favorite target of attackers – they’re everywhere, prone to security vulnerabilities, and difficult to defend. 2017’s WannaCry attack, for example, is reported to have affected more than 230,000 endpoints across the globe. What is Endpoint Detection and Response (EDR)? Endpoint detection and response (EDR) platforms are solutions that monitor endpoints (computers on the network, not the network itself) for suspicious activity. Coined by Gartner analyst Anton Chuvakin in 2013, EDR solutions focus…
Data Security

The Malware Hiding in Your Windows System32 Folder: More Alternate Data Str...

Last time, we saw how sneaky hackers can copy malware into the Alternate Data Stream (ADS) associated with a Windows file. I showed how this can be done with the ancient type command. As it turns out, there are a few other Windows utilities that also let you copy into an ADS. For example, extract, expand, and our old friend certutil are all capable of performing this ADS trick. For a complete list of these…