Netwrix Enterprise Auditor (formerly StealthAUDIT) 11.6 has been released LEARN MORE
Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Blog >Uncategorized

Browsed By
Category: Uncategorized

Attack Step 2: Targeting Interesting Data – File System Attacks

Sifting Through The Sands In the last post, we looked at how to find file shares where data we may want to steal lives. We used both Python-based and PowerShell based approaches to this. Now we’re going to take the next step and find actual files of interest. Even the smallest organization can have many thousands of files. The bad guys would drown in all that data if they didn’t have ways to narrow down what they’re looking for. Let’s start by seeing what PowerSploit has to offer on the Powe…

Attack Step 1: Finding Where Data Lives – File System Attacks

Finding Where Interesting Information May Live We’re going to make some assumptions at the start of this attack. We will assume we already have full access to any credentials we need. Why? Because we’ve already shown you how you can grab any credential you might need all the way up to the highest level of administrative rights. The question you now need to ask is this: what can you do with those rights? Credentials are the means, but data is the ends. So the first thing you do with all these…
Microsoft Ignite with Active Directory

Learn How to Defeat Advanced Attacks against Active Directory at Microsoft Ignite 2017

| Tuula Fai | | Leave a Comment
There’s a lot of news coverage on threats like ransomware, malware, and phishing that are all about punching holes in organizations to grab quick spoils. But what isn’t getting a lot of coverage is the careful, patient planning attackers do once inside your Microsoft Active Directory (AD) environment. They fly under the radar scoping out your domain and amassing privileges so they can spread out, dig in, and access a smorgasbord of sensitive data. These meticulously executed—and ultimately mo…

Data Mapping in the age of GDPR – Unknown Application Workflows

When the enemy is already inside Security breaches is a fact of life. Employees click on links in phishing emails, web applications get compromised, weak passwords get guessed, and insiders misuse their privileges. As a matter of fact, internal actors play a role in every 4th breach according to the latest 2017 Data Breach Investigations Report from Verizon (http://www.verizonenterprise.com/verizon-insights-lab/dbir/). Once the enemy is within the external defenses it is critical to protec…
NetApp Storage Environment

Stealthbits Introduces Automated Machine Learning to Data Access Governance at NetApp Insight

| Tuula Fai | | Leave a Comment
Stealthbits CTO, Jonathan Sander, recently returned from a road trip across the U.S. where he met with several customers. One of them remarked that finding sensitive data across his organization was like trying to find Waldo in the children’s book series, Where’s Waldo. The customer went on to say, ‘Even if we find it, we don’t have a foolproof way of keeping our sensitive information safe.’ He’s not the only one facing this dilemma. Organizations that have successfully implemented a least pr…
File Activity Monitor

File System Attacks

Credentials Are the Means to Attack Data If you’ve been reading the attack blog series until now, you’ve seen we have focused on attacks against Active Directory – like attacking core AD infrastructure, leveraging AD service accounts to attack, attacking AD with misconfigured permissions, and our series on Mimikatz attacks. Of course, AD is the hub for so much access to data in any organization that it may feel like those attacks actually compromise everything else. Today we’re kicking off ou…

The 180 Days Are Over: NYS DFS Cybersecurity Regulation – 23 NYCRR 500

The New York State Department of Financial Services (NYS DFS), announced 23 New York Code Rules and Regulations 500 (23 NYCRR 500), a cybersecurity regulation for all financial institutions doing business in New York. Today marks the end of the first major deadline for this regulation, 180 days after going into effect on March 1, 2017. By now, financial institutions doing business in New York should have a cybersecurity program, cybersecurity policies, a Chief Information Security Officer …
DACL Backdoors

From Botnets to DACL Backdoors: A Journey through Modern Active Directory Attacks – Part I

Active Directory DACL Backdoors In my last blog post, we examined Active Directory (AD) backdoors and how to defend against them. The botnets’ primary communication mechanism relied on abusing AD attributes. Once established, these botnets allow attackers to communicate across internal security controls, exfiltrate data—and most importantly—gain a foothold that is very difficult to detect and remove. All accomplished without one line of malicious code. Now that’s a real life advanced persi…
Insider Threat Podcast

How Attackers are Stealing your Credentials with Mimikatz – Insider Threat Podcast #6

In our sixth edition of the Insider Threat Podcast, once again we spoke with our resident white hat hacker, Jeff Warren. Jeff has just finished another in our ongoing blog series about insider attacks on Active Directory (AD). This time, the focus was the Mimikatz toolkit and all the ways it’s being used to exploit weaknesses in AD. You can find out more in the main series of blog posts about Mimikatz attacks as well as supplementary posts covering Skeleton Key, changing passwords, DCSYNC and…
The acceleration of Active Directory attacks against the enterprise

Defending Against Active Directory Botnets

Active Directory Enterprise Attack Vectors Active Directory (AD) enterprise attack vectors continue to get a lot of attention from security researchers. If history is our guide, it is only a matter of time before we see more active exploits in the wild. I sat in on Ty Miller and Paul Kalinin’s Black Hat presentation, “The Active Directory Botnet” this year and they unveiled a novel way to use, or more accurately abuse, Active Directory user attributes to create a communication channel betw…

Subscribe

DON’T MISS A POST. SUBSCRIBE TO THE BLOG!


Loading

© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.

FREE TRIAL