Using some Google-Fu, I was able to find some MIRCon 2014 presentation slides (sorry, no videos yet). Mandiant MIRCon 2014 Presentation Slides: R&D Track: An Insight into Symbiotic APT Groups; IR Track: The Best and Worst APT Malware; OSX Malware Plists, Shell Scripts and Object-C Oh-My!; APT Detection with Whitelisting and Log Monitoring; Management Track: …
Category: Security
Nov 08 2014
Hack Attack Method Whitepapers
The best way to develop the best defense is to study the offense’s methods. Here are several recent reports that detail modern network attacks: Mandiant APT Whitepaper; Microsoft Security Intelligence Report; Verizon Enterprise DBIR 2014.
Nov 07 2014
The Ultimate Movie Hacking Tool – Command Shell at Windows Logon Screen (via “StickyKeys”)
How many times have you seen a movie where the “hacker” connects to a system with a logon screen, hits a couple of keys, and gets a command shell? Here’s how this can be done for real in Windows. The issue is that the Windows Ease of Use tools are accessible at the logon screen. …
Nov 06 2014
How Attackers Extract Credentials (Hashes) From LSASS
I performed extensive research on how attackers dump credentials from LSASS and Active Directory, including pulling the Active Directory database (ntds.dit) remotely. This information is covered in two newer and greatly expanded posts: “How Attackers Dump Active Directory Database Credentials” and “Attack Methods for Gaining Domain Admin Rights in Active Directory”. Attackers can pull credentials …
Nov 05 2014
Black Hat 2014 Presentation Video Play List
Attending Black Hat USA 2014 was a sobering and exciting experience. Here’s a playlist of interesting presentations from Black Hat conferences in 2014: KEYNOTE: Cybersecurity as Realpolitik by Dan Geer, presented at Black Hat USA 2014; BadUSB – On Accessories that Turn Evil by Karsten Nohl + Jakob Lell; Windows: Abusing Microsoft Kerberos Sorry You …
Nov 04 2014
BackupExec Service Account Security FAIL
Yes. It actually says that if the BackupExec account is a member of Schema Admins, do not remove! To be fair, it starts off with this Solution which covers the rights required: From Symantec (http://www.symantec.com/business/support/index?page=content&id=TECH88242)
Nov 03 2014
PowerShell for Pentesters
PowerShell is extremely useful for admins. This power is also extremely useful for attackers. There are several PowerShell tools specifically for increasing access on a network: PowerSploit – PowerShell-based pentest tool set developed by Mattifestation. PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid reverse engineers, forensic analysts, …
Nov 02 2014
Windows 8: Using PowerShell to Decrypt Wireless SSID Passwords with NetSH
Show the saved password for the SSID named “SSID_NAME” in Windows 8:
((netsh wlan show profiles name="SSID_NAME" key=clear | Select-String "Key Content") -split "Key Content\s*:\s*")[1]
Oct 30 2014
BlueHat 2014 Slides: Reality Bites – The Attacker’s View of Windows Authentication and Post-exploitation
Each year, Microsoft invites security researchers (aka hackers) to speak to Microsoft employees about security issues. One of the most interesting talks listed at “BlueHat” 2014 was the one by the “Pass-the-Hash” experts, Chris Campbell, Benjamin Delpy, and Skip Duckwall. This talk will focus on how Windows authentication works in the real world and …
Oct 29 2014
Active Directory (and other) Security Resources
I just posted a “Security Resources” page that is a tab at the top of the site. This page contains useful security resources I have found over the years and plan on updating the content as needed. Active Directory (and other) Security Resources