Introduction: SSP Attacks Mimikatz provides attackers several different ways to store credentials from memory and extract them from Active Directory. One of the more interesting tools provided is the MemSSP command, which will register a Security Support Provider (SSP) on a Windows host. Once registered, this SSP will log all passwords in clear text for […]

Introduction: Active Directory Permissions Attacks In a previous blog series, we have written about attacks against Active Directory (AD) administrative rights and service accounts. These topics have led to several discussions with coworkers and employees about other ways to penetrate and attack Active Directory environments. Throughout these conversations, one topic was repeatedly overlooked: Active Directory […]

Attack #4: Pass-the-Hash with Mimikatz In my previous post, we learned how to extract password hashes for all domain accounts from the Ntds.dit file. In this post, we’re going to see what you can do with those hashes once you have them. Mimikatz has become the standard tool for extracting passwords and hashes from memory, […]

AD Attack #3 – Ntds.dit Extraction With so much attention paid to detecting credential-based attacks such as Pass-the-Hash (PtH) and Pass-the-Ticket (PtT), other more serious and effective attacks are often overlooked. One such attack is focused on exfiltrating the Ntds.dit file from Active Directory Domain Controllers. Let’s take a look at what this threat entails and how […]

AD Attack #1 – LDAP Reconnaissance The first thing any attacker will do once he gains a foothold within an Active Directory domain is to try to elevate his access. It is surprisingly easy to perform domain reconnaissance using PowerShell, and often without any elevated privileges required. In this post, we will cover a few […]

SharePoint is an extremely useful collaboration and document management platform. Whether you are using SharePoint for hosting wiki articles, running internal project sites or exposing SharePoint to customers and partners for collaboration and document sharing, one of the most important areas to familiarize yourself with is how permission levels work within SharePoint. Improper use of […]

Recently there has been a lot of interest around controlling privileged accounts within an organization. Many customers are rolling out Privileged Identity Management solutions such as password vaults in order to manage their privileged accounts across servers, workstations, databases and applications. One of the first things you need to do to control your privileged accounts […]