Avoiding credentials reuse attacks

Adversaries reuse stolen credentials all the time. How can you check for and prevent credential reuse attacks? Deny them by leveraging new (and old) security features.

Reusable credentials

Method                            Log Type             Reusable credentials
Log to console (+KVM)             Interactive          Yes
RUNAS                             Interactive          Yes
Remote desktop                    RemoteInteractive    Yes
WinRM+CredSSP                     NetworkClearText     Yes
PSExec with explicit credentials  Network+Interactive  Yes
Scheduled Task                    Batch                Yes (as LSA…

Invoke-Adversary – Simulating Adversary Operations

Invoke-Adversary is a PowerShell script that helps you evaluate security products and monitoring solutions based on how well they detect advanced persistent threats. I was inspired to write this script after seeing APTSimulator, the excellent tool from Florian Roth. Update 4/17/2018: The script is temporarily removed while I resolve an issue. I will update as soon as…

List of Azure Active Directory Audit Activities

Hi all, audit logs in Azure Active Directory help customers gain visibility into user and group management, managed applications and directory activities in their cloud-based Active Directory. Using the logs you can detect and investigate security incidents and review important configuration changes. By using the Graph API, which provides programmatic access to Azure AD,…

Process Monitor for Dynamic Malware Analysis

Sysinternals Process Monitor is a powerful tool for investigating and troubleshooting application issues, as well as for malware forensics and analysis tasks. Process Monitor lets you ‘peek under the hood’: it displays file, registry, network and image-loading activity in real time, and all of the output can be exported to an external file for later viewing. The…

Get VirusTotal Report using PowerShell

VirusTotal is a free online virus, malware and URL scanning service. Files are checked with more than 50 antivirus solutions. Using this script you can query the VirusTotal service from PowerShell by file name or by hash and get a detailed report about the file. Written by Moti Bani – mobani@microsoft.com – (http://blogs.technet.com/b/motiba/) with script portions copied…