Search Results for: mimikatz


Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Posted on: 2017-05-04

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations. An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised update mechanism or software supply chain for a third-party editing tool. The software vendor that develops the editing tool was unaware of the issue. In fact, while their software supply chain served as a channel for attacking other organizations, they themselves were also under attack.…

Powershelling with exploits, (Wed, May 3rd)

Posted on: 2017-05-03

It should be no surprise to our regular readers how powerful PowerShell (pun intended) really is. In the last couple of years, it has become the main weapon of not only white hat penetration testing, but also various attackers. Recently I had to perform some pivoting through a compromised box. It had a specific exploit which was not available in Metasploit, but allowed an attacker to execute any command on the vulnerable server. The caveat was that the server could not establish external connections; however, all connections to the server were allowed (it was an internal engagement), so instead of…

How US Cybersleuths Decided Russia Hacked The DNC

Posted on: 2017-05-02

It was a bombshell. Operatives from two Russian spy agencies had infiltrated computers of the Democratic National Committee, months before the US national election. One agency -- nicknamed Cozy Bear by cybersecurity company CrowdStrike -- used a tool that was "ingenious in its simplicity and power" to insert malicious code into the DNC's computers, CrowdStrike's Chief Technology Officer Dmitri Alperovitch wrote in a June blog post. The other group, nicknamed Fancy Bear, remotely grabbed control of the DNC's computers. By October, the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security agreed that Russia…

Brush up on Dropbox DBX decryption

Posted on: 2017-05-01

A few weeks ago I was contacted about how to decrypt Windows Dropbox DBX files, and the same topic appeared on the SANS DFIR mailing list too. So I decided to create an Open Source toolkit and this post to brush up on the DBX files created by the Dropbox client on a Windows machine. The Windows Dropbox client keeps its own files - user info, configuration, 'my dropbox' files sync status and even more - inside the user profile: on the Windows 7 and Windows 10 machines I used for testing they reside in '\Users\%USERNAME%\AppData\Local\Dropbox\' and subfolders. Among them there are…

Brush up on Dropbox DBX decryption

Posted on: 2017-04-30

A few weeks ago I was contacted about how to decrypt Windows Dropbox DBX files, and the same topic appeared on the SANS DFIR mailing list too. So I decided to create an Open Source toolkit and this post to brush up on the DBX files created by the Dropbox client on a Windows machine. The Windows Dropbox client keeps its own files - user info, configuration, 'my dropbox' files sync status and even more - inside the user profile: on the Windows 7 and Windows 10 machines I used for testing they reside in '\Users\%USERNAME%\AppData\Local\Dropbox\' and subfolders. Among them there are…

Will fileless malware push the antivirus industry into oblivion?

Posted on: 2017-04-28

The death of antivirus has been prophesied for years now, but the AV industry is still alive and kicking. SentinelOne, though, believes that in-memory resident attacks, i.e. fileless malware, just might be the thing that pushes it into oblivion. They base their conjecture on the results of the attack detections made through over a million SentinelOne Endpoint Protection Platform agents, deployed in enterprise environments across the world. These detections are made at the endpoint, i.e. they only include the attacks that were not mitigated by other security technologies before reaching the endpoint. The results show that, from August to…

Offensive Tools and Techniques

Posted on: 2017-03-01

In this article I go over a series of examples that illustrate different tools and techniques that are often used by both sides of the force! To illustrate this I will follow the different attack stages and will use the intrusion kill chain as methodology. This methodology consists of seven stages: reconnaissance, weaponization, delivery, exploitation, installation, C2 and actions on objectives. Let's start with Recon! The goal here is to seek information about the target, normally a person. Targeting high profile individuals might be difficult because these individuals tend to have a personalized security group that looks after them. However,…