Collaborate Disseminate
I was reminded recently about a feature in AD that I haven’t used in nearly 20 years, one that can be abused by attackers. This feature is based on an area in the Configuration partition within a given Active Directory forest called Display Specifiers…. Continue reading Active Directory Security: Abusing Display Specifiers
Understanding how compromises occur is a fundamental part of forming a cybersecurity defense. With that in mind, I recently joined Andy Robbins, co-creator of the open source attack path discovery tool, BloodHound, for a w… Continue reading Vulnerabilities in Active Directory: The CISO’s Achilles Heel
Ransomware and wiper attacks are causing organizations to re-evaluate their backup and recovery capabilities. An obvious concern is whether backups are safe – for example, are they offline where they can’t be encrypted or wiped. While this … Continue reading Cyber Scenarios Expose Shortcomings of BMR
In part 1 of this blog post, I talked about the threat that DCShadow poses to organizations that use Microsoft Active Directory (AD). Here in part 2, I’ll talk about steps you can take to protect your organization. (Quick recap: DCShadow is a fea… Continue reading Why Most Organizations Still Can’t Defend against DCShadow – Part 2
DCShadow is a readily available technique that allows an attacker to establish persistent privileged access in Active Directory (AD). Specifically, DCShadow allows an attacker with privileged access to create and edit arbitrary objects in AD without an… Continue reading Why Most Organizations Still Can’t Defend against DCShadow
It’s been just over two years since WannaCry, the ransomware that exploited the EternalBlue vulnerability to infect hundreds of thousands of computers around the world and inflict an estimated $8B in damages. If history repeats itself, we’r… Continue reading NSA sounds the alarm on BlueKeep: Windows vulnerability opens the door for the next WannaCry
If you’ve been following this blog, you know that about 2 and half years ago, I started talking about Group Policy’s precarious role in the typical enterprise’s security posture. Many, if not most, AD shops use GP to perform security … Continue reading Group Policy Security– Tinkering with External Paths
In recent blog posts, I’ve been talking a lot about new Active Directory attack methods where attackers are compromising user accounts that lead to increasing levels of privilege in AD. Well, unfortunately, now it seems a recently discovered Azur… Continue reading Protect your Active Directory from the Azure AD Connect Vulnerability
The Problem with Active Directory Since it was introduced in 2000, Active Directory has become the most critical application for the majority of enterprises. The problem is, that in the almost two decades since it was released, the enterprise security … Continue reading Attacking Active Directory: Tools and Techniques for Using your AD Against You
At our recent Hybrid Identity Protection Conference, several of us spoke about the increasing use of Active Directory as a subject of interest in malware attacks. Whether it’s mining AD for information about privileged access, compromising user a… Continue reading Hiding in Plain Sight — Discovering Hidden Active Directory Objects