Nov 17 2015
Usually Golden Tickets (forged Kerberos TGTs) get all the press, but this post is about Silver Tickets and how attackers use them to exploit systems. I have talked about how Silver Tickets can be used to persist and even re-exploit an Active Directory enterprise in presentations at security conferences this year. This post continues this …
Aug 07 2015
At my talk at Black Hat USA 2015, I highlighted new Golden Ticket capability in Mimikatz (“Enhanced Golden Tickets”). This post provides additional detailed on “enhanced” Golden Tickets. Over the past few months, I researched how SID History can be abused in modern enterprises. As part of this research, I reached out to Benjamin Delpy, …
Jul 26 2015
Next week at Black Hat USA 2015, I will be speaking about Active Directory attack & defense in my talk “Red vs Blue: Modern Active Directory Attacks Detection and Protection”. This is the 3rd iteration of this talk and includes the latest updates to attack methods and defensive strategies. I’m including lots of updates and …
May 25 2015
I am thrilled to announce I will be speaking about Active Directory security at the following security conferences: Shakacon (Waikiki Beach, HI) Black Hat USA (Las Vegas, NV) DEF CON (Las Vegas, NV) Each talk will cover current AD attack techniques and the latest defensive methods. Additionally, I will be sharing some exciting new information …
Jan 13 2015
Over the years, there have been lots of “hacker” movies of varying quality. Here are some good ones to watch before the movie “Blackhat” is out starring Chris Hemsworth. My favorites in bold. Tron (1982) 8.2/10 imdb Wargames (1983) 7.1/10 imdb Sneakers (1992) 7.1/10 imdb Jurassic Park (1993) 8/10 imdb Disclosure (1994) 6/10 imdb The …
Recent Comments