Avoiding credentials reuse attacks

Adversaries are reusing credentials all the time, How can you check and prevent credential reuse attacks? Deny them by leveraging new (and old) security features. Reusable credentials Method Log Type Reusable credentials  Log to console (+KVM) Interactive Yes RUNAS Interactive Yes Remote desktop RemoteInteractive Yes WinRM+CredSSP NetworkClearText Yes PSExec with explicit credentials Network+Interactive Yes Scheduled Task Batch Yes (as LSA…

0

Setting up Kali Linux on Windows Subsystem for Linux

Kali Linux on Windows 10 “Kali Linux on Windows 10? What the hell?” – one might ask. But we are in the year 2018 and we can run Linux directly on Windows,  install SQL server on Linux and Microsoft is the top open-source contributor on GitHub.  Using one PowerShell command and a download from the Store,…

2

Detecting Kerberoasting activity using Azure Security Center

Kerberoasting, a term coined by Tim Medin, is a privilege escalation technique which proves to be very effective in extracting service account credentials in a domain environment. A service account is standard user account that has been configured with the specific task of running a service or scheduled task. Many organizations are using service accounts…

0