Stealthbits

Posts by Kevin Joyce

Kevin Joyce is a Senior Technical Product Manager at Stealthbits - now part of Netwrix. He is responsible for building and delivering on the roadmap of Stealthbits products and solutions. Kevin is passionate about cyber-security and holds a Bachelor of Science degree in Digital Forensics from Bloomsburg University of Pennsylvania.

Active Directory Permissions – Hiding in the Shadows

Understanding the Risk of Active Directory Permissions and Shadow Access: I recently covered the topic of Active Directory permissions by giving an overview on how to apply them and view what already exists in your organization. In this blog, I’ll be taking a deeper dive into Active Directory permissions, outlining potential risks that exist when […]

Understanding Delegated Permissions in Active Directory

Active Directory Delegated Permissions Overview: The importance of Active Directory permissions cannot be overstated; the capability for users to write and perform certain actions against your Active Directory can lead to unintended changes, unnecessary risk for attack vectors and lateral movement, or total domain compromise. In this blog, I’ll be going over, at a high […]

Zerologon: From Zero to Hero – Part 3

Kevin Joyce | Security

Stealthbits’ Zerologon Detection and Mitigation Solution: In my two previous blogs, we’ve gone over the new patch and update plans from Microsoft (Part 1), as well as the attack itself (Part 2). Now let’s talk about how we at Stealthbits can help. We’re actively working in the lab and investigating ways we can audit, detect, […]

Zerologon: From Zero to Hero – Part 2

Kevin Joyce | Security

How Does it Work? In Part 1 of this blog series (What is Zerologon?), we discussed how Zerologon exploits a vulnerability in NetLogon that allows a malicious actor on your network to take over a Domain Controller (DC), and eventually your entire domain. Now let’s dive into the specifics of how Zerologon works. Using Mimikatz […]

Zerologon: From Zero to Hero – Part 1

Kevin Joyce | Security

What is Zerologon? Zerologon exploits a vulnerability in NetLogon that allows a malicious actor on your network to take over a Domain Controller (DC), and eventually your entire domain. Since this attack requires no authentication and only network access, it has been given a CVSS score of 10.0 (the highest score available). At a high […]

Securing gMSA Passwords

Kevin Joyce | Security

Abusing gMSA Passwords to Gain Elevated Access. gMSA Recap: If you’re not familiar with Group Managed Service Accounts (gMSA), you can review my last post, which gave a high-level overview of how they work. In case you need a quick recap, a gMSA is a special Active Directory object used for securely running automated tasks, services and […]

What Are Group Managed Service Accounts (GMSA)?

High Level Overview of GMSAs. Group Managed Service Accounts Overview: Group Managed Service Accounts (gMSA) were introduced in Windows Server 2016 and can be leveraged on Windows Server 2012 and above. gMSAs offer a more secure way to run automated tasks, services, and applications. How are gMSAs more secure, you ask? Well, their passwords are […]

SMBv3 Vulnerability Explained

Kevin Joyce | Security

SMBGhost: What Happened? This week, Microsoft accidentally published information around a newly identified vulnerability in SMBv3, which is being dubbed SMBGhost. This vulnerability can lead to remote code execution on the server, which is always a major concern as far as the severity of vulnerabilities goes. The version affected specifically is 3.1.1, which is a […]

Ready for Microsoft’s LDAP Changes? What You Need to Know

What is Changing? In March, Microsoft will be releasing a patch that includes new audit events, additional logging, and some changes to group policy settings. Later in 2020, Microsoft will be changing the behavior of the default values for LDAP channel binding and signing. They’re making these changes because the current default settings allow for […]

What is SMBv1 and Why You Should Disable it

Kevin Joyce | Security

Eternally Affected. What is SMB? Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and to the point. SMBv1: Back in the 1980s and 1990s, IBM and Microsoft were working […]

© 2021 Stealthbits Technologies, Inc.