In the first two parts of this series, we covered how attackers may attempt to gain persistence in Active Directory by forging Kerberos tickets or through domain replication abuse, and also discussed strategies to detect these methods. In this part, we’ll touch on a few more techniques: AdminSDHolder and SDProp abuse, SID History attacks, and skeleton key attacks. AdminSDHolder Container and...

In part one of this series, we discussed how attackers may attempt to gain persistence in Active Directory by forging Kerberos tickets, as well as ways to detect these efforts. In this part, we’ll discuss another method attackers may use: domain replication abuse. The DCSync Attack Domain replication, or DCSync, is a feature that was first intended to be used by Domain Controllers. Requesting a...

Security Information and Event Management (SIEM) solutions are known for their ability to provide visibility into IT environments by monitoring data sources for unusual activity and contextualizing them for security insights. According to the 2021 SIEM Report by Cybersecurity Insiders, 76% of cybersecurity professionals surveyed reported that SIEM improved their ability to detect threats. But what...

Did you know that, on average, 15 million residents in the U.S. are affected by identity theft and upwards of $50 billion are stolen each year? During the holiday season we hear a lot about keeping your identity safe when shopping online or in retail stores across the country, or even across the world. Why? The most obvious reasons are that your money can be stolen and in turn, your credit ruined...

As organizations have made the transformational shift to a remote and hybrid workforce, IT and security teams are feeling increased pressure to better manage access to sensitive data and systems. The rise of a remote and expanded workforce has put additional strain on organizations and increased the potential for identity-related access risks. To combat these access risks, identity and access...

Did you know the first instance of ransomware was in 1989? Though we’ve moved on from floppy disks containing malware and cashier’s checks used to pay attackers, we are far from moving past ransomware. Instead, ransomware has become more streamlined, and is one of the most popular tools of both amateur and expert threat actors. Just about anyone can purchase a ransomware strain off the dark web or...

Vulnerabilities can be found in just about any type of software—and even some pieces of hardware. Threat actors are all too eager to take advantage of these vulnerabilities, leveraging them to gain access to or escalate privileges in an organization’s IT infrastructure. When these vulnerabilities are discovered before the vendor is aware, these are known as zero-day threats. Since these are...

The PrintNightmare flaw is aptly named—the serious remote code execution vulnerability in the Microsoft Windows Print Spooler service, CVE-2021-34527, can give an attacker the keys to the kingdom.

It’s no secret that keeping track of who has access to what in your organization has grown more complicated during the last year. Companies today are especially vulnerable because they often lack full visibility into the actual access levels employees possess and may not have the full picture of devices across their network infrastructure. Managing devices and user access is made even more...

The latest release of Core Impact has arrived! Version 21.1 demonstrates our commitment to allowing users to conduct advanced penetration tests effortlessly and efficiently. This release includes new features focused on increased visibility and ease of use, along with a simplified update process. 1. Attack Map Core Impact’s testing capabilities enable organizations to get a comprehensive picture...

In the first Inside the Mind of an Attacker series, we walked through scenarios of potential attacks on Active Directory, as well as techniques on how to identify and avoid breaches. In this series, we’ll transition to what happens after a successful compromise of Active Directory, in which an attacker attempts to gain persistence after the initial breach. We’ll discuss several different types of...

As data breaches continue to dominate the headlines, suggestions for enhancing your cybersecurity stance are everywhere. While much of this advice may be worth following, it’s often complicated, entailing multi-step processes or requiring expert intervention. However, before you start exploring advanced options, it’s important to begin with the basics. When it comes to cybersecurity, the simplest...

Ready to make a big impact on security, cost savings, and productivity?

Relying on outdated methods to manage user access is both a constant struggle and a persistent risk to your business. Manually keeping track of users and entitlements is costly, time-consuming, and daunting. But with a modern role-based approach, you can embrace a smarter, simpler, more secure way to manage user access. In this blog, we will define role-based access control (RBAC), explore why it...

Penetration testing has become an increasingly standard exercise, with organizations using either pen testing services or in-house teams to uncover weaknesses and assess their security posture. Many businesses want to stay proactive about securing their IT environment and find that pen testing helps them stay compliant and prove adherence to regulations or industry best practices. According to the...

Security Information and Event Management (SIEM) solutions have been around for years, helping to identify and escalate critical security events. SIEM solutions have become integral to many organizations’ security portfolios. In fact, according to the 2021 SIEM Report by Cybersecurity Insiders, 74 percent of respondents ranked SIEM as very to extremely important to their organization’s security...

Security teams are increasingly turning to penetration testing tools to advance their in-house programs through strategic exploitation automation. However, it can be challenging to round out a comprehensive and integrated pen testing toolset that meets both your organization’s requirements as well as your budget. In this blog, we’ll explore how Core Impact’s tiered offering provides flexibility...

If the last year has demonstrated any lessons for IT and security teams, it’s this: managing privileged access should be a top priority for the business. When a large portion of the workforce began working remotely, there was a frenzy to extend access so individuals could perform their jobs from home. Yet this may have unintentionally caused inappropriate access levels to be extended to employees....

Chances are your organization is relying on an extensive number of enterprise applications, systems, and platforms to ensure successful execution of the business. According to an article in The Wall Street Journal, large organizations rely on an average of nearly 130 applications across their business, while smaller firms use around 70 applications on average. The ability to manage user access to...