In the first two parts of this series, we covered how attackers may attempt to gain persistence in Active Directory by forging Kerberos tickets or through domain replication abuse, and also discussed strategies to detect these methods.

In part one of this series, we discussed how attackers may attempt to gain persistence in Active Directory by forging Kerberos tickets, as well as ways to detect these efforts. In this part, we’ll discuss another method attackers may use: domain replication abuse.

Did you know the first instance of ransomware was in 1989? Though we’ve moved on from floppy disks containing malware and cashier’s checks used to pay attackers, we are far from moving past ransomware. Instead, ransomware has become more streamlined, and is one of the most popular tools of both amateur and expert threat actors. Just about anyone can purchase a ransomware strain off the dark web or can have the work done for them with ransomware-as-a-service (RAAS).

Vulnerabilities can be found in just about any type of software—and even some pieces of hardware. Threat actors are all too eager to take advantage of these vulnerabilities, leveraging them to gain access to or escalate privileges in an organization’s IT infrastructure. When these vulnerabilities are discovered before the vendor is aware, these are known as zero-day threats.

The PrintNightmare flaw is aptly named—the serious remote code execution vulnerability in the Microsoft Windows Print Spooler service, CVE-2021-34527, can give an attacker the keys to the kingdom.

In the first Inside the Mind of an Attacker series, we walked through scenarios of potential attacks on Active Directory, as well as techniques on how to identify and avoid breaches.

The latest release of Core Impact has arrived! Version 21.1 demonstrates our commitment to allowing users to conduct advanced penetration tests effortlessly and efficiently. This release includes new features focused on increased visibility and ease of use, along with a simplified update process.