Silverfort’s Post

Always fun upskilling from TryHackMe in Active Directory! The take aways for defenders for this lab: - Utilize MFA to mitigate the risk if AD creds are compromised - Enforcing Network Access control to limit rogue devices. - enabling SMB signing to mitigate relay attacks - Use encryption and specific service accounts along with the principles of least privilege. #activeDirectory

Just completed this room on TryHackMe which was on Breaching Active Directory. Got to learn a lot of new things about Active Directory and its inner workings: - NTLM Authentication services: Bruteforcing and password spraying them, - Hosting a Rogue LDAP Server and then spoofing the AD-DC to connect with it and reveling the credentials, - Intercepting NetNTLM Challenge using #responder (LLMNR, NBT-NS, and WPAD poisoning), - Recovering Credentials from a PXE Boot, - Finally, getting credentials from configuration files. Its a lot to digest at once, definetly requires revision of more than 2 times to understand.😁 #cybersecurity #ethicalhacking #activedirectory #ad #hackingad #thm #learningcontinues #cybersecjourney #infosecjourney

CylanceENDPOINT Prevents Pool Party Process Injection! Threat actors have devised yet another way to leverage the Microsoft® Windows® operating system to undertake malicious actions under the guise of seemingly normal tasks— and evade many EDR (endpoint detection and response) solutions. Recently, SafeBreach discovered eight new process injection techniques that can leverage Windows thread pools to trigger malicious code execution as the result of legitimate actions. Dubbed “Pool Party” by the firm, the injections work across all processes, without limitations, and remain undetected by many EDR solutions. We are proud to say that their testing determined that this methodology was successfully prevented with CylanceENDPOINT™ from BlackBerry! https://lnkd.in/eUuHqEZU

I recently went through TryHackMe's Breaching Active Directory Lab. This was an interesting take on various tools and techniques that are used to gain initial access to AD environments. This gave me insight into the importance of proper housekeeping, applying defense-in-depth, and reducing the AD attack surface. Here are some of the attack techniques covered: -NTLM Password Spraying -LDAP Pass-back Attacks -NTLM Relay Attacks -Recovering Credentials from PXE Boot Images -Retrieving Credentials from Configuration Files #cybersecurity #AD #SOC #tryhackme

🔐🚀 I have completed the "Breaching Active Directory" room on TryHackMe! Enhanced my skills in exploiting and securing Active Directory environments. #CyberSecurity #ActiveDirectory #TryHackMe

Hey everyone! I've posted a new blog about a cybersecurity topic called the #SMBRelayAttack, which targets Active Directory. I've explained it in a way that's easy to understand, so I hope you'll take a look! #Cybersecurity #InfoSec #DataProtection #NetworkSecurity #CyberAwareness #ThreatPrevention #CyberDefense #ITSecurity #OnlineSafety #SecurityAwareness

Workaround from CrowdStrike reddit: (https://lnkd.in/gV-tXmXt) 7/18/24 10:20PM PT - Hello everyone - We have widespread reports of BSODs on windows hosts, occurring on multiple sensor versions. Investigating cause. TA will be published shortly. Pinned thread. SCOPE: EU-1, US-1, US-2 and US-GOV-1 Edit 10:36PM PT - TA posted: https://lnkd.in/guc5m6rB Edit 11:27 PM PT: CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes. Workaround Steps: * Boot Windows into Safe Mode or the Windows Recovery Environment * Navigate to the C:\Windows\System32\drivers\CrowdStrike directory * Locate the file matching “C-00000291*.sys”, and delete it. * Boot the host normally. https://lnkd.in/gmXtNpbu

Patch Now 🚨, Trend customers we've got you!! A vulnerability in Windows Defender is actively being exploited by the threat group, Water Hydra. CVE-2024-21412 is an active zero-day vulnerability that was disclosed by Trend Micro ZDI to Microsoft, and published for the first time today. Trend customers are protected and organizations should take immediate action in response to the ongoing active exploitation of this vulnerability by cybercriminals. More info: https://bit.ly/3SXRsLK

I'm happy to share that I've posted up my first video of a new youtube series on pentesting active directory using the "Game of Active Directory" as a sandbox AD environment. Beware - this is going to get ultra geeky and will involve lore from Game of Thrones, virtual machines, and obscure pentesting toolsets. Let's get to it! #activedirectory #cybersecurity #pentesting #gameofthrones https://lnkd.in/gXbMvHXe

Microsoft Releases CrowdStrike Outage Recovery Tool "After downloading the tool, IT has two options for deployment: ▪ Recover from WinPE – this option produces boot media that will help facilitate the device repair. ▪ Recover from safe mode – this option produces boot media so impacted devices can boot into safe mode. The user can then login using an account with local admin privileges and run the remediation steps." Get the tool and learn more at the link in the comments ⬇ ⬇ #Microsoft #CrowdStrike #Recovery #ITTool #IT #Security