Introducing StealthAUDIT 11.5! Complete your cloud security puzzle. LEARN MORE


Posts by Jeff Warren

Home >Jeff Warren
Jeff Warren is Stealthbits’ General Manager of Products. Jeff has held multiple roles within the Technical Product Management group since joining the organization in 2010, initially building Stealthbits’ SharePoint management offerings before shifting focus to the organization’s Data Access Governance solution portfolio as a whole. Before joining Stealthbits - now part of Netwrix, Jeff was a Software Engineer at Wall Street Network, a solutions provider specializing in GIS software and custom SharePoint development. With deep knowledge and experience in technology, product and project management, Jeff and his teams are responsible for designing and delivering Stealthbits’ high quality, innovative solutions. Jeff holds a Bachelor of Science degree in Information Systems from the University of Delaware.

Creating Persistence with DCShadow

Now that we understand the basics of the DCShadow feature, let’s look at some ways in which attackers can leverage DCShadow in a real world attack scenario.  As we learned, DCShadow requires elevated rights such as Domain Admin, so you can assume an attacker leveraging this already has complete control of your environment.  So why […]

DCShadow: Attacking Active Directory with Rogue DCs

If you’re familiar with Mimikatz, you’ve already seen some of the ways it exposes weaknesses in Active Directory security (if you’re not, read up!).  Recently, a new feature was added to Mimikatz titled DCShadow and was presented by its authors Benjamin Delpy and Vincent LeToux at the Bluehat IL 2018 conference. DCShadow enables Mimikatz to […]

Attacking Weak Passwords in Active Directory

| Jeff Warren | Uncategorized | Leave a Comment

In our last post, we learned about password spraying and how effective this can be to compromise AD accounts with weak and commonly used passwords.  Now let’s take a look at how an attacker could take this approach and put it into practice to compromise your domain.  For that, we are going to use BloodHound, […]

Finding Weak Passwords in Active Directory

So far in this series we’ve looked at how plain text passwords can be exposed within Active Directory, which represents a major vulnerability for most AD environments.  However, even if you have proper controls to prevent plain text passwords in your network, attackers can still get them pretty efficiently.  How do they do this?  They […]

4 Active Directory Password Attacks and How to Protect Against Them

Active Directory Password Attacks So far in our travels through Active Directory security, we’ve looked at attacks against permissions, credentials, service accounts, and many of the open-source toolkits available for getting more hands-on exposure to these techniques. Inside each scenario, an attacker is attempting to increase their privileges and compromise sensitive information. Some techniques like […]

How Attackers Are Bypassing PowerShell Protections

Bypassing PowerShell Protections Now that we have explored various protections against malicious PowerShell, let’s look at how to get around every one of these PowerShell protections! Don’t worry, these PowerShell protections are still worth doing, and they will still make things harder on attackers and easier to detect. However, we need to be aware that […]

Ways to Detect and Mitigate PowerShell Attacks

Detect and Mitigate PowerShell Attacks PowerShell has grown as an attack platform against Windows systems as a way for attackers to “live off the land” and use tools that are natively available. We’ve already looked at Empire, DeathStar, and CrackMapExec and how those tools leverage PowerShell to invoke Mimikatz and initiate other attacks. In this […]

Lateral Movement with CrackMapExec

In the previous post, we explored how attackers can use Mimikatz to automatically escalate privileges to Domain Admins using Empire and DeathStar. In this post, I will take a look at another open-source tool that leverages Mimikatz to harvest credentials and move laterally through an Active Directory environment: CrackMapExec. Self-described as a “swiss army knife […]

Automating Mimikatz with Empire and DeathStar

Automating Mimikatz Mimikatz is a very powerful post-exploitation tool on its own, allowing attackers to harvest credentials and move laterally through a compromised organization. However, there are also several limitations to what Mimikatz can do by itself: If you have compromised a machine but do not have Administrator rights, you can’t access any credentials If […]

How Attackers are Stealing Your Credentials with Mimikatz

Stealing Credentials with Mimikatz Mimikatz is an open-source tool built to gather and exploit Windows credentials. Since its introduction in 2011 by author Benjamin Delpy, the attacks that Mimikatz is capable of have continued to grow. Also, the ways in which Mimikatz can be packaged and deployed have become even more creative and difficult to […]



© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.