Pass-the-Hash is still a nuclear bomb

Introduction: Pass-the-Hash is a very old technique, but despite its age it is still used a lot to attack networks. This blog post was meant to give my students a better understanding of this technique, and also of how to mitigate it. Pass-the-Hash forms part of lateral movement. A Pass-the-Hash attack is

Hunting for University of Maastricht breach using Azure Sentinel

Introduction: In October 2019, the University of Maastricht suffered a cyber attack in which criminals were able to gain initial access to its internal network. It all started with a phishing mail that successfully targeted users. That phishing mail contained a URL redirecting to a poisoned attachment file, which contained a malicious (Excel)

Using graphs to track down Identity Snowball Attacks with Azure Sentinel

Attackers have been abusing the functionality of Kerberos for a while, and it has been a tough challenge to mitigate these kinds of attacks. In 2009, Microsoft released a whitepaper called “Heat-Ray”, in which they explained this attack in detail. An Identity Snowball Attack leverages the users logged in to a first compromised machine to

Integrating Defender ATP with Azure Sentinel to detect Pass-The-Hash & Pass-The-Ticket

Defender ATP is Microsoft’s EDR solution, which provides multiple security features to mitigate threats on endpoints (e.g. workstations and servers). What’s cool about Defender ATP is that it leverages the power of the cloud, combined with “machine learning” and “user behavior analytics”, to provide all the necessary protection to (connected) endpoints. Defender ATP

Active Directory Security Assessment – ADSA

Active Directory, often described as the “backbone” of identities, has been around for 20 years. It is publicly known for being managed poorly, and attackers have taken advantage of this. Since there is a lot of information on the internet on how you can use open-source tools to attack AD, it should not

Attacking Active Directory for fun and profit

Active Directory underpins the IT infrastructure of most organisations, which makes it a valuable target for attackers. A lot of (targeted) ransomware attacks have been leveraging AD, and I often get questions on how attackers compromise an AD environment, so I thought it would be the right time to publish content