Can hashes labeled ‘lm’ in SAM database mimikatz dump be another type than (NT)LM?

When I dump the password history hashes stored in the SAM database with the mimikatz lsadump::dcsync tool, for every i’th password (re-)set by a SAM account there are two hashes stored by Active Directory (AD): ntlm- i and lm- i. I know storin…

TrickBot developers continue to refine the malware’s sneakiness and power

The versatile malware known as TrickBot continues to pose “great danger” to customers of financial and technology companies because its developers are trying to stay a step ahead of cybersecurity analysts, according to Check Point Research. The company says TrickBot’s authors have equipped it with layers of “anti-analysis” and “anti-deobfuscation” capabilities, meaning that if an expert tries to pick apart the malware’s code, it stops communicating with its command-and-control servers or stops working altogether. Those features “show the authors’ highly technical background and explain why Trickbot remains a very prevalent malware family,” Check Point says in research published Wednesday. The danger remains clear, too: Check Point says the various modules of TrickBot are often deployed for stealing login credentials from customers of several large banks, including Bank of America and Wells Fargo, as well as big tech firms like Microsoft and Amazon. About 60 companies are affected overall. “These brands […]

The post TrickBot developers continue to refine the malware’s sneakiness and power appeared first on CyberScoop.

Trying to reproduce petitpotam exploit, got "KDC_ERROR_CLIENT_NOT_TRUSTED (62)" error

I’m following this article to reproduce the EFS bug: https://blog.truesec.com/2021/08/05/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory/
My environment:

Windows 2016 AD (Hostname: W2016$)
Windows 2016 SRV01 (Runnin…