Security Advisory: Targeting AD FS With External Brute-Force Attacks

On July 2019 Patch Tuesday, Microsoft released a patch for CVE-2019-1126, an important vulnerability discovered by Preempt Research Labs. The vulnerability leads to security issues that create a wide-scale denial-of-service against expo…

How to Easily Bypass EPA to Compromise any Web Server that Supports Windows Integrated Authentication

As announced in our recent security advisory, Preempt researchers discovered how to bypass the Enhanced Protection for Authentication (EPA) mechanism to successfully launch NTLM relay attacks on any server that supports WIA (Windows Integrated Aut…

New Microsoft Exchange Vulnerability Exposes Domain Admin Privileges: Here’s What to Do

Last week, the CERT Coordination Center (CERT/CC) issued a vulnerability note warning that versions of Microsoft Exchange 2013 and newer are vulnerable to an NTLM relay attack that allows attackers to gain domain admin privileges. Organizations tha…

Enterprises continue to suffer from poor password hygiene and a lack of visibility & control over privileged users

It has been more than a year since I last shared Preempt Inspector statistics. Last time we shared Preempt Inspector statistics we found some alarming numbers. With the end of 2018 approaching, I would like to share with you key findings from Pree…

Is Your Organization at Risk Because a Local Administrator Has a Weak Password?

In July, media reported that SingHealth, Singapore’s largest health organization, was breached with 1.5 million medical records stolen. The stolen records included those of Singapore’s prime minister Lee Hsien Loong. Consequently, a sp…

Security Advisory: Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP (Video)

In March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt researchers. The vulnerability consists of a logical flaw in Credential Security Support Provider protocol (CredSSP) which is used by RDP (…