Mimikatz provides attackers with several different ways to steal credentials from memory or extract them from Active Directory. One of the most interesting options is the MemSSP command. An adversary can use this command to register a malicious Security Support Provider (SSP) on a Windows member server or domain controller (DC) — and that SSP will log all passwords in clear text for any users who log on locally to that system.
Whether you realize it or not, service accounts represent a major risk to your data security. This article explains the fundamentals of service accounts and how attackers can exploit them so you can prevent yours from being compromised.
Complex cyberattacks dominate the headlines, making breaches seem sophisticated. In reality, most hacks are unbelievably simple and involve attackers targeting well-known configuration security gaps. In fact, cyberattacks are rather common. According to IBM, 83% of companies have experienced more than one breach while in operation.
The Active Directory linked attribute is a special type of Active Directory attribute that is used to describe relationships between objects. This post explains what linked attributes are and how they work.
If you’re after a toolkit to own Microsoft SQL Server from end to end, what you need is PowerUpSQL. Implemented in PowerShell and as complete as they come, PowerUpSQL has tools to discover, compromise and own just about any SQL system. It’s the whole kill chain in one tool. This article details how to perform the critical attack steps using PowerUpSQL.
PowerShell is one of the most efficient management methods in the Windows Server world. This article offers tips and tricks to learn about one of the most common scripting scenarios: using PowerShell in test, demo and quality assurance (QA) environments, which frequently need to be rebuilt or adjusted to fit a new need or process. We’ve chosen the most useful PowerShell tips based on real-world experience with colleagues and customers.
The compromise of a single Active Directory credential can lead to unauthorized access to your servers, applications, virtualization platforms and user files across your enterprise. One of the reasons for credential vulnerability is that Windows stores credentials in the Local Security Authority (LSA), which is a process in memory.
