Now that we understand the basics of the DCShadow feature, let’s look at some ways in which attackers can leverage DCShadow in a real world attack scenario. As we learned, DCShadow requires elevated rights such as Domain Admin, so you can assume an attacker leveraging this already has complete control of your environment. So why […]
If you’re familiar with Mimikatz, you’ve already seen some of the ways it exposes weaknesses in Active Directory security (if you’re not, read up!). Recently, a new feature was added to Mimikatz titled DCShadow and was presented by its authors Benjamin Delpy and Vincent LeToux at the Bluehat IL 2018 conference. DCShadow enables Mimikatz to […]
In our last post, we learned about password spraying and how effective this can be to compromise AD accounts with weak and commonly used passwords. Now let’s take a look at how an attacker could take this approach and put it into practice to compromise your domain. For that, we are going to use BloodHound, […]
So far in this series we’ve looked at how plain text passwords can be exposed within Active Directory, which represents a major vulnerability for most AD environments. However, even if you have proper controls to prevent plain text passwords in your network, attackers can still get them pretty efficiently. How do they do this? They […]
Active Directory Password Attacks So far in our travels through Active Directory security, we’ve looked at attacks against permissions, credentials, service accounts, and many of the open-source toolkits available for getting more hands-on exposure to these techniques. Inside each scenario, an attacker is attempting to increase their privileges and compromise sensitive information. Some techniques like […]
Bypassing PowerShell Protections Now that we have explored various protections against malicious PowerShell, let’s look at how to get around every one of these PowerShell protections! Don’t worry, these PowerShell protections are still worth doing, and they will still make things harder on attackers and easier to detect. However, we need to be aware that […]
Detect and Mitigate PowerShell Attacks PowerShell has grown as an attack platform against Windows systems as a way for attackers to “live off the land” and use tools that are natively available. We’ve already looked at Empire, DeathStar, and CrackMapExec and how those tools leverage PowerShell to invoke Mimikatz and initiate other attacks. In this […]
In the previous post, we explored how attackers can use Mimikatz to automatically escalate privileges to Domain Admins using Empire and DeathStar. In this post, I will take a look at another open-source tool that leverages Mimikatz to harvest credentials and move laterally through an Active Directory environment: CrackMapExec. Self-described as a “swiss army knife […]
Automating Mimikatz Mimikatz is a very powerful post-exploitation tool on its own, allowing attackers to harvest credentials and move laterally through a compromised organization. However, there are also several limitations to what Mimikatz can do by itself: If you have compromised a machine but do not have Administrator rights, you can’t access any credentials If […]
Stealing Credentials with Mimikatz Mimikatz is an open-source tool built to gather and exploit Windows credentials. Since its introduction in 2011 by author Benjamin Delpy, the attacks that Mimikatz is capable of have continued to grow. Also, the ways in which Mimikatz can be packaged and deployed have become even more creative and difficult to […]
Start a Free Stealthbits Trial!
No risk. No obligation.