Tag: Cyber attack

In the wake of escalating cyber-attacks and data breaches, the ubiquitous advice of "don't share your password" is no longer enough. Passwords remain the primary keys to our most important digital assets, so following password security best practices is more critical than ever. Whether you're...

Mimikatz is a popular post-exploitation tool that hackers use for lateral movement and privilege escalation. While Mimikatz is quite powerful, it does have some important limitations: It requires local admin rights on the compromised machine. Organizations can block Mimikatz from executing...

Introduction Even if you have implemented a Zero Trust security paradigm for network and infrastructure security, you need to plan for the inevitable — at some point, an attacker will get into your network with the intent to deploy ransomware or cause other damage   A typical attack...

There is an old saying: “One person’s tool is another person’s weapon.” That is certainly true of Windows PowerShell. Included with every Windows operating system today, this powerful command-line shell and scripting language is used by IT professionals for system administration, remote...

Sysmon is a component of Microsoft’s Sysinternals Suite, a comprehensive set of tools for monitoring, managing and troubleshooting Windows operating systems. Version 13 of Sysmon introduced monitoring for two advanced malware tactics: process hollowing and herpaderping. This article...

Deception technology is a cybersecurity strategy that utilizes decoys to gather information about current threats and attack methodologies used by cybercriminals. The premise of this approach is to offer some sort of bait in your network, such as a fake database that looks like a legitimate one,...

RID hijacking is a persistence technique used by adversaries who have compromised a Windows machine. In a nutshell, attackers use the RID (relative identifier) of the local Administrator account to grant admin privileges to the Guest account (or another local account). That way, they can take...

This article rounds out a series of articles on Kerberos delegation. Before reading it, we suggest making sure you are familiar with both Active Directory delegation and Kerberos delegation, and have read the earlier posts in the series that provide an overview of how resource-based...

Mimikatz provides attackers with several different ways to steal credentials from memory or extract them from Active Directory. One of the most interesting options is the MemSSP command. An adversary can use this command to register a malicious Security Support Provider (SSP) on a...

Whether you realize it or not, service accounts represent a major risk to your data security. This article explains the fundamentals of service accounts and how attackers can exploit them so you can prevent yours from being compromised. Handpicked related content: Active Directory Security...