ATA + OMS

Installing Operational Management Suite (OMS) on top of Advanced Threat Analytics (ATA) is dead simple. It is even simpler if your ATA Center is installed in Azure, since deploying the OMS agent on Azure VMs is a single click. OMS continues to gain momentum because it provides a single pane of glass. Its integration into things like…

Setting up Damn Vulnerable Web App (DVWA) on Ubuntu in Azure

Getting familiar with attacks is step one of knowing what you are up against. One way to do that is to stand up a vulnerable application you can attack and sharpen your skills against. Nothing beats Damn Vulnerable Web App (DVWA). Here are the steps to get Damn Vulnerable Web App up and running in the Azure environment, all…

SmartCard and Pass-the-Hash

On a pretty consistent basis, smart card and multi-factor authentication (MFA) technologies come up when discussing Pass-the-Hash/Pass-the-Ticket with customers. Many customers believe they do not need to worry about such attacks because they have non-repudiation. However, the problem smart cards were designed to solve predates Pass-the-Hash/Pass-the-Ticket (or Overpass-the-Hash) becoming a real thing! At that time, preventing…

Ubuntu RDP in Azure

Many times, I get asked how to RDP into a Linux machine created in Azure. So, instead of having the same conversation over and over, I’ll blog about it and point folks here. Going one step further, I figured now was a good time to also test out OpenSSH-Win32. In…

cpassword – MS14-025

Microsoft announced MS14-025 on 13 May 2014. However, it continues to be an issue for many IT organizations, even when patched. I repeat: by simply installing the KB you have not fully remediated the vulnerability (elevation of privilege!) unless you also ran the provided PowerShell code to confirm you have no existing Group Policy Preference items carrying a cpassword attribute…
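As an added example (this is not the page's own code, and not the PowerShell script Microsoft shipped alongside MS14-025), the following scans a domain's SYSVOL for Group Policy Preference XML files that still carry a cpassword attribute, which is the residual exposure the patch alone does not remove. It assumes it is run from a domain-joined Windows host with read access to SYSVOL; the domain-name parameter, the output fields and the list of GPP file names are my own choices.

```powershell
# Added example (not the page's code, not Microsoft's MS14-025 script):
# report every Group Policy Preference item under SYSVOL that still stores a
# cpassword. Assumption: run from a domain-joined host with read access to SYSVOL.
param(
    [string]$Domain = $env:USERDNSDOMAIN   # assumption: domain of the current session
)

# GPP item types that can carry an embedded password (Local Users and Groups,
# Services, Scheduled Tasks, Data Sources, Drive Maps, Printers).
$gppFiles = 'Groups.xml', 'Services.xml', 'ScheduledTasks.xml',
            'DataSources.xml', 'Drives.xml', 'Printers.xml'

$policies = "\\$Domain\SYSVOL\$Domain\Policies"
$files    = Get-ChildItem -Path $policies -Recurse -Include $gppFiles -ErrorAction SilentlyContinue

$findings = foreach ($f in $files) {
    [xml]$doc = Get-Content -Path $f.FullName -Raw

    # Any element at any depth with a cpassword attribute, whatever the item type.
    foreach ($props in $doc.SelectNodes('//*[@cpassword]')) {
        # The account name attribute differs per item type; take whichever is present.
        $account = @('userName', 'accountName', 'runAs') |
            ForEach-Object { $props.GetAttribute($_) } |
            Where-Object   { $_ } |
            Select-Object  -First 1

        # The GPO GUID is the first path element after \Policies\.
        $gpoGuid = (($f.FullName -split '\\Policies\\')[1] -split '\\')[0]

        [pscustomobject]@{
            GpoGuid  = $gpoGuid
            ItemType = $props.ParentNode.LocalName          # User, Service, Task, Drive, ...
            Account  = $account
            Changed  = $props.ParentNode.GetAttribute('changed')
            File     = $f.FullName
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning ("{0} GPP item(s) still store a cpassword; delete the stored password " +
                   "from each item (installing the KB does not do this for you).") -f @($findings).Count
} else {
    Write-Host "No cpassword attributes found under $policies"
}
```

Run it from an elevated PowerShell session as a domain user; a clean result means no GPP item under SYSVOL still embeds a password, while any row reported is an item whose cpassword remains readable by every domain-authenticated principal until the item is edited or removed.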

ATA Playbook Released

The Advanced Threat Analytics Playbook is released. It includes a breakdown of how to test (and therefore learn!) ATA using the real-world research tools that are available on the public Internet. The goal here was simple: debunk some myths around pass-the-hash (i.e. smart cards); show how these research tools work (and just how easy it is…

Advanced Threat Analytics Detects Forged PACs

Advanced Threat Analytics (ATA) detects all sorts of credential theft and post-exploitation activity by an adversary. Detecting forged PACs is no different. Here, I use PyKEK in a lab environment that I also use to stage other research and attack scenarios with real tools. If you wish to do this testing, you absolutely should stick to…

The Iceberg Effect

In cybersecurity, especially in the Digital Forensics and Incident Response (DFIR) space, the “Iceberg Effect” plays a detrimental role in the execution phase of response and recovery. It often leaves analysis incomplete, which translates directly into insufficient response and recovery plans and, worse, a very high probability of failed attempts to evict the actor from the environment…