In my role as a Technical Product Manager, I often find myself prepping demos, setting up test environments, and helping customers test and administrate their Active Directory environments with PowerShell. PowerShell, being the most efficient and ubiquitous method of management at scale in the Windows Server world, is my goto tool anytime I need to […]
In this blog post, we are taking a deeper dive into Covenant. Covenant is one of the latest and greatest Command and Control (C2) Post Exploitation Frameworks which I covered in In my previous blog post. In that post, we discussed Covenant on a high level but now let’s go through the process of configuring […]
In this blog post, we’ll be covering the DCShadow attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCShadow was the topic of previous STEALTHbits Blog post, so in this post, we’ll start with a review of DCShadow and then focus on how we can DETECT and RESPOND to this attack with StealthDEFEND. Introduction to DCShadow DCShadow is […]
Rest in Peace PowerShell Empire PowerShell Empire (PSEmpire) is a Command and Control (C2) Post Exploitation Framework that has been discussed in a variety of posts on the STEALTHbits Blog. What is PSEmpire? PSEmpire is a great tool with a wide variety of uses in the Information Security community including learning, red teaming and even more nefarious […]
Over the years when presenting at conferences, user groups, and customer presentations I have often talked about some of the “new ways” to help learn tools and techniques in information security. One of the resources I specifically recommend is using Docker containers and Windows Subsystem for Linux to quickly experiment with tooling without the need […]
In this post we will discuss the concept of Honey Pots, and how StealthDEFEND utilizes Honey Tokens in its threat detection to provide an additional line of defense against attackers. Introduction to Honey Pots Wikipedia defines “Honey Pots” as a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use […]
In this blog post, we’ll be talking about the DCSync attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCSync was the topic of previous STEALTHbits Blog post, so we’ll start this post with a review of DCSync and then cover what we can do about this attack with StealthDEFEND. What is […]
In this blog post, we’ll be discussing the topic of the AdminSDHolder object in Active Directory and how it can be utilized in Active Directory attacks. Finally, we will discuss how to use StealthDEFEND to detect and respond to this type of attack. Introduction to the “AdminSDHolder” The AdminSDHolder is an Active Directory object that […]
Editor’s note: This is the second blog post in a series of blogs for using StealthDEFEND to defend against attacks. Read the first blog “Using StealthDEFEND to Defend Against Password Spraying”. In this blog post, we’ll be talking about LDAP Reconnaissance and how we can use StealthDEFEND to defend ourselves against this type of attack. […]
In this blog post, we’ll be talking about Password Spraying and how we can use StealthDEFEND to defend ourselves against this type of attack. Introduction to Password Spraying Password Spraying is a technique attackers leverage to guess the passwords of accounts by trying a small number of highly common passwords against a large number of accounts while also […]
Start a Free Stealthbits Trial!
No risk. No obligation.