Stealthbits

Posts by Lee Berg

Lee is a Technical Product Manager at STEALTHbits Technologies. When Lee is not building cybersecurity software in his day job, he is active in managing and presenting at user groups, meetups, and conferences around the world. Lee is focused on automation, security, monitoring, and IoT.

PowerShell Tips and Tricks for Scripting Active Directory Test Environments

Lee Berg | Security

In my role as a Technical Product Manager, I often find myself prepping demos, setting up test environments, and helping customers test and administrate their Active Directory environments with PowerShell. PowerShell, being the most efficient and ubiquitous method of management at scale in the Windows Server world, is my go-to tool anytime I need to […]

Setup, Configuration, and Task Execution with Covenant: The Complete Guide

In this blog post, we are taking a deeper dive into Covenant. Covenant is one of the latest and greatest Command and Control (C2) Post Exploitation Frameworks, which I covered in my previous blog post. In that post, we discussed Covenant on a high level, but now let’s go through the process of configuring […]

What is a DCShadow Attack and How to Defend Against it

In this blog post, we’ll be covering the DCShadow attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCShadow was the topic of a previous STEALTHbits Blog post, so in this post, we’ll start with a review of DCShadow and then focus on how we can DETECT and RESPOND to this attack with StealthDEFEND. Introduction to DCShadow DCShadow is […]

Next-Gen Open Source C2 Frameworks in a Post PSEmpire World: Covenant

Rest in Peace PowerShell Empire PowerShell Empire (PSEmpire) is a Command and Control (C2) Post Exploitation Framework that has been discussed in a variety of posts on the STEALTHbits Blog. What is PSEmpire? PSEmpire is a great tool with a wide variety of uses in the Information Security community including learning, red teaming and even more nefarious […]

Using Docker and Windows Subsystem for Linux to Learn and Experiment with New Information Security Tools

Over the years when presenting at conferences, user groups, and customer presentations I have often talked about some of the “new ways” to help learn tools and techniques in information security. One of the resources I specifically recommend is using Docker containers and Windows Subsystem for Linux to quickly experiment with tooling without the need […]

Honey Token Threat Detection with StealthDEFEND

In this post we will discuss the concept of Honey Pots, and how StealthDEFEND utilizes Honey Tokens in its threat detection to provide an additional line of defense against attackers. Introduction to Honey Pots Wikipedia defines “Honey Pots” as a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use […]

What is DCSync? An Introduction

In this blog post, we’ll be talking about the DCSync attack and how we can use StealthDEFEND to detect and respond to this type of attack. DCSync was the topic of a previous STEALTHbits Blog post, so we’ll start this post with a review of DCSync and then cover what we can do about this attack with StealthDEFEND. What is […]

How to Defend against AdminSDHolder Attacks

In this blog post, we’ll be discussing the topic of the AdminSDHolder object in Active Directory and how it can be utilized in Active Directory attacks. Finally, we will discuss how to use StealthDEFEND to detect and respond to this type of attack. Introduction to the “AdminSDHolder” The AdminSDHolder is an Active Directory object that […]

LDAP Reconnaissance – Defend with StealthDEFEND

Editor’s note: This is the second blog post in a series of blogs for using StealthDEFEND to defend against attacks. Read the first blog “Using StealthDEFEND to Defend Against Password Spraying”. In this blog post, we’ll be talking about LDAP Reconnaissance and how we can use StealthDEFEND to defend ourselves against this type of attack. […]

Using StealthDEFEND to Defend against Password Spraying

In this blog post, we’ll be talking about Password Spraying and how we can use StealthDEFEND to defend ourselves against this type of attack. Introduction to Password Spraying Password Spraying is a technique attackers leverage to guess the passwords of accounts by trying a small number of highly common passwords against a large number of accounts while also […]

© 2020 Stealthbits Technologies, Inc.