VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. “A malicious actor could trick a target domain user with EAP installed in their web browser into requesting […]

Best open source tool for cyber incident detection in Microsoft Azure, Azure Active Directory, and Microsoft 365

The Untitled Goose Tool is a new free tool that may assist network defenders in identifying potentially malicious activity in Microsoft Azure, Azure Active Directory, and Microsoft 365 environments. It was developed by CISA, with assistance from Sandia National Laboratories, and is available on CISA's website. The Untitled Goose Tool provides network defenders […]

Hackers Using Bumblebee Loader to Compromise Active Directory Services

The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. “Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration,” Cybereason researchers Meroujan Antonyan and Alon Laufer said in […]

Active Directory Domain Services Bugs Let Attackers Take Over Windows Domains

Two Active Directory Domain Services privilege escalation flaws, reported by Andrew Bartlett of Catalyst IT and fixed in the November 2021 Patch Tuesday, allow attackers to take over Windows domains easily when the two are chained together. Microsoft urged users to immediately patch these two Active Directory Domain Services privilege […]

New exploit for critical vulnerabilities in Active Directory; Microsoft recommends patching ASAP

In its latest security alert, Microsoft asked customers to apply the available updates for two privilege escalation vulnerabilities in Active Directory whose exploitation allows threat actors to easily take control of Windows domains. The flaws are tracked as CVE-2021-42287 and CVE-2021-42278 and were corrected in the November Patch Tuesday. Although the required patches had […]

Very critical information disclosure vulnerability in Azure Active Directory (AD). Patch immediately

This week, Microsoft reported the detection of a sensitive information disclosure vulnerability affecting many Azure Active Directory (AD) deployments. The flaw is tracked as CVE-2021-42306 and received a score of 8.1/10 on the Common Vulnerability Scoring System (CVSS). According to the report, a misconfiguration in Azure allows "Run As" credentials in the automation […]

New FoggyWeb Malware Attacks and Installs a Backdoor on Active Directory FS Servers

Researchers from Microsoft uncovered new malware from the NOBELIUM APT threat group, named FoggyWeb, that establishes a persistent backdoor on Active Directory Federation Services (AD FS) servers. NOBELIUM is an infamous APT group behind malware such as the SUNBURST backdoor, TEARDROP, GoldMax, GoldFinder, and Sibot. FoggyWeb is a newly […]

Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers

Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. The tech giant’s Threat Intelligence Center (MSTIC) codenamed the “passive and highly targeted backdoor” FoggyWeb, making it the threat actor […]

How to pentest an Active Directory server?

BloodHound is a great visual tool that shows the relationships between Active Directory objects and lets you quickly evaluate the possibility of compromising relevant information and identify potential security weaknesses. The best thing about this tool is that it is practically ready to use after installation, so no complicated startup configuration […]

Free tool to check whether your Microsoft Azure Active Directory, Office 365 (O365), and Microsoft 365 (M365) environments were hacked

Specialists from the Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of a companion Splunk dashboard that helps administrators verify security in Microsoft Azure Active Directory, Office 365, and Microsoft 365 environments. Named Aviary, the tool analyzes the output generated by the PowerShell-based open source […]

ad-password-protection: password protection for Active Directory

Lithnet Password Protection for Active Directory (LPP) enhances the options available to an organization that wants to ensure all its Active Directory accounts have strong passwords. LPP is a module you install on your domain controllers that uses a password filter to inspect passwords as users attempt to change them. Using group policy, you customize […]

PingCastle – Get Active Directory Security

The risk level regarding Active Directory security has changed. Several vulnerabilities have been popularized by tools like mimikatz and sites like adsecurity.org. PingCastle is a tool designed to quickly assess the Active Directory security level with a methodology based on risk assessment and a maturity framework. It does not aim at a […]

Start ADEnum – Tool that Automates Active Directory Enumeration

A tool to automate Active Directory enumeration. Tool prerequisite: this tool requires a runas /netonly shell. Functions: Start-PreReqCheck, Install-Tools, Start-ADEnum. Start-PreReqCheck determines whether the current Windows 10 OS is 1809+ and installs all the prerequisites. The list of prerequisites includes the following: identifies if the current Windows 10 host is on […]

PingCastle – Active Directory Security Assessment Tool

The risk level regarding Active Directory security has changed. Several vulnerabilities have been popularized by tools like mimikatz and sites like adsecurity.org. PingCastle is a tool designed to quickly assess the Active Directory security level with a methodology based on risk assessment and a maturity framework. It does not aim at a perfect evaluation […]

ADRecon – Active Directory Recon

ADRecon provides a holistic picture of the current state of an AD environment. The tool can be used by Blue Team, Purple Team, Red Team, system administrators, or any security professional to extract and combine various artifacts from an AD environment. The information can be presented in a specially formatted Microsoft Excel report that includes […]

BloodHound v2.2 – Active Directory Toolkit

BloodHound is a single-page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to […]

BloodHound – A Tool for Exploring Active Directory Domain Security

BloodHound is an open source application for analyzing the security of Active Directory domains. The tool is inspired by graph theory and Active Directory object permissions. It ingests data from Active Directory domains and highlights the potential for escalation of rights, thus uncovering hidden or complex attack paths that […]

CrackMapExec – Post-Exploitation Tool for Active Directory Networks

CrackMapExec (CME) is a post-exploitation tool used for tasks such as checking on which hosts a set of credentials has administrative rights and mapping Active Directory networks. Active Directory is the Windows directory service that provides, among other things, LDAP access to directory objects across the network, security services such as LDAP over SSL/TLS and Kerberos authentication, centralized storage of organizational data, and […]

How to find Vulnerabilities in Active Directory Settings?

An information security expert explains that Grouper is a rough-and-ready PowerShell module, designed for pentesters and red teamers, that sifts through the XML output of the Get-GPOReport cmdlet and identifies settings defined in Group Policy Objects (GPOs) that may be useful to someone trying to do something bad. Here are some examples of […]
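An added example, not Grouper's own code, of the sifting described above: a small rule table run over a Get-GPOReport XML document, flagging the settings an attacker would look for first. The XML document, the rule list, the GPO name and the server and account names in it are constructed for this example; on a real domain you would feed the function the output of Get-GPOReport from the GroupPolicy module, as the comment shows.

```powershell
# Added example (not Grouper's code): sift Get-GPOReport XML for attacker-useful settings.
# The XML below is a constructed, simplified stand-in for real report output. Against a
# domain, replace $constructedXml with one report per GPO:
#   Get-GPO -All | ForEach-Object { Get-GPOReport -Guid $_.Id -ReportType Xml }
$constructedXml = @'
<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  <Name>Workstation Baseline (constructed sample)</Name>
  <Computer>
    <ExtensionData>
      <Extension>
        <!-- Group Policy Preferences local user with a stored password -->
        <Properties action="U" userName="CORP\svc-deploy"
                    cpassword="j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw" />
      </Extension>
      <Extension>
        <Script>
          <Command>\\corp-fs01\deploy\startup.bat</Command>
        </Script>
      </Extension>
      <Extension>
        <Task name="Nightly backup" runAs="CORP\backup-admin" logonType="Password">
          <Command>C:\Windows\System32\cmd.exe</Command>
        </Task>
      </Extension>
    </ExtensionData>
  </Computer>
</GPO>
'@

function Find-InterestingGpoSetting {
    [CmdletBinding()]
    param([Parameter(Mandatory)][xml]$Report)

    $gpoName  = $Report.GetElementsByTagName('Name')[0].InnerText
    $findings = New-Object System.Collections.Generic.List[object]

    # Each rule: regex on the setting name (attribute or leaf element), regex on its
    # value, and what a reviewer should make of a hit. Extend the table to taste.
    $rules = @(
        @{ NamePattern = '^cpassword$'; ValuePattern = '.+'; Severity = 'Critical'
           Why = 'GPP stored password: the AES key is public (MS14-025), so any domain user can decrypt it from SYSVOL' }
        @{ NamePattern = '^runAs$'; ValuePattern = '.+'; Severity = 'High'
           Why = 'Task runs as a named account; check where that credential is kept' }
        @{ NamePattern = '.'; ValuePattern = '^\\\\[^\\]+\\.+\.(exe|bat|cmd|ps1|vbs|msi)$'; Severity = 'High'
           Why = 'Executable launched from a UNC path; a writable share means code execution on every policy target' }
        @{ NamePattern = '^Se\w+Privilege$'; ValuePattern = '.+'; Severity = 'Medium'
           Why = 'User rights assignment; confirm the grantees are intended' }
    )

    # Depth-first walk; nested function so it can see $rules, $findings and $gpoName.
    function Walk([System.Xml.XmlNode]$Node, [string]$Path) {
        if ($Node.NodeType -ne [System.Xml.XmlNodeType]::Element) { return }
        $here = "$Path/$($Node.LocalName)"
        $candidates = @()
        foreach ($a in $Node.Attributes) {
            $candidates += @{ Name = $a.LocalName; Value = $a.Value }
        }
        # Leaf elements contribute their own text (e.g. <Command>...</Command>).
        $hasElementChild = @($Node.ChildNodes | Where-Object { $_.NodeType -eq [System.Xml.XmlNodeType]::Element }).Count -gt 0
        if (-not $hasElementChild) {
            $candidates += @{ Name = $Node.LocalName; Value = $Node.InnerText.Trim() }
        }
        foreach ($c in $candidates) {
            foreach ($r in $rules) {
                if ($c.Name -match $r.NamePattern -and $c.Value -match $r.ValuePattern) {
                    $findings.Add([pscustomobject]@{
                        GPO = $gpoName; Severity = $r.Severity; Path = $here
                        Setting = $c.Name; Value = $c.Value; Why = $r.Why
                    })
                }
            }
        }
        foreach ($child in $Node.ChildNodes) { Walk $child $here }
    }

    Walk $Report.DocumentElement ''
    return $findings
}

# Run over the constructed report: expect the cpassword, the UNC script and the runAs task.
$order = @('Critical', 'High', 'Medium', 'Low')
Find-InterestingGpoSetting -Report ([xml]$constructedXml) |
    Sort-Object @{ Expression = { $order.IndexOf($_.Severity) } } |
    Format-Table Severity, Setting, Value, Path -AutoSize
```

The walk deliberately matches on names and values rather than on the report's exact element layout, so the same rules fire whether a setting lives in a Group Policy Preferences `Properties` attribute or in a script's `Command` element; the cost is that the UNC rule will also flag harmless paths, which is why each finding carries the path inside the document for a reviewer to check.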

PowerShell, How to Automate an Active Directory Audit

A group of information security professionals who perform Active Directory audits recently noticed that they were repeating the same work over and over. So they decided to write as much of it as possible into a PowerShell script to make their lives easier. They chose PowerShell because they don't want to drop an exe on […]
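An added example, not the authors' script, of the kind of account checks such an audit automates in PowerShell: Kerberoastable service accounts, accounts without Kerberos pre-authentication, accounts that accept an empty password, and stale protected accounts. The user objects are constructed to look like Get-ADUser output (the account names, dates and SPN are invented); on a domain member with the ActiveDirectory module you would pipe Get-ADUser's output in instead, as the comment shows.

```powershell
# Added example (not the article's script). Runs on objects shaped like Get-ADUser output;
# the constructed $users array stands in for a real query. On a domain, replace it with:
#   Get-ADUser -Filter * -Properties ServicePrincipalName, DoesNotRequirePreAuth,
#       PasswordNeverExpires, PasswordNotRequired, AdminCount, LastLogonDate, PasswordLastSet
# which is a read-only LDAP query: nothing is dropped on the host.

function New-RiskFinding([string]$Account, [string]$Severity, [string]$Why) {
    [pscustomobject]@{ Account = $Account; Severity = $Severity; Why = $Why }
}

function Test-AdUserRisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][object]$User,
        [datetime]$Now = (Get-Date),   # injectable so a run is reproducible
        [int]$StaleDays = 90
    )
    process {
        if (-not $User.Enabled) { return }   # disabled accounts belong in a separate hygiene list
        $a = $User.SamAccountName

        # Kerberoasting: any authenticated user can request a service ticket for a
        # user-held SPN and crack it offline; an old password makes that likely to succeed.
        if ($User.ServicePrincipalName -and $a -ne 'krbtgt') {
            $age     = if ($User.PasswordLastSet) { ($Now - $User.PasswordLastSet).Days } else { $null }
            $sev     = if ($null -eq $age -or $age -gt 365) { 'High' } else { 'Medium' }
            $ageText = if ($null -eq $age) { 'unknown' } else { "$age days" }
            New-RiskFinding $a $sev "SPN on a user account (Kerberoastable); password age $ageText"
        }
        # AS-REP roasting: with pre-authentication off, the AS-REP is crackable with no credentials.
        if ($User.DoesNotRequirePreAuth) {
            New-RiskFinding $a 'High' 'Kerberos pre-authentication disabled (AS-REP roastable)'
        }
        # PASSWD_NOTREQD lets the account bypass the domain password policy entirely.
        if ($User.PasswordNotRequired) {
            New-RiskFinding $a 'High' 'PasswordNotRequired set; an empty password is accepted'
        }
        # AdminCount=1 marks current or former members of protected groups; unused ones are easy to miss.
        if ($User.AdminCount -eq 1 -and (-not $User.LastLogonDate -or ($Now - $User.LastLogonDate).Days -gt $StaleDays)) {
            New-RiskFinding $a 'Medium' "Protected account (AdminCount=1) unused for more than $StaleDays days"
        }
        if ($User.PasswordNeverExpires) {
            New-RiskFinding $a 'Low' 'PasswordNeverExpires set'
        }
    }
}

# Constructed sample accounts with a fixed reference date so the output is deterministic.
$now   = Get-Date '2024-06-01'
$users = @(
    [pscustomobject]@{ SamAccountName = 'svc-sql'; Enabled = $true; ServicePrincipalName = @('MSSQLSvc/sql01.corp.local:1433')
                       DoesNotRequirePreAuth = $false; PasswordNeverExpires = $true; PasswordNotRequired = $false
                       AdminCount = 0; LastLogonDate = $now.AddDays(-1); PasswordLastSet = $now.AddYears(-4) }
    [pscustomobject]@{ SamAccountName = 'legacy-app'; Enabled = $true; ServicePrincipalName = @()
                       DoesNotRequirePreAuth = $true; PasswordNeverExpires = $false; PasswordNotRequired = $false
                       AdminCount = 0; LastLogonDate = $now.AddDays(-3); PasswordLastSet = $now.AddDays(-40) }
    [pscustomobject]@{ SamAccountName = 'old-da'; Enabled = $true; ServicePrincipalName = @()
                       DoesNotRequirePreAuth = $false; PasswordNeverExpires = $false; PasswordNotRequired = $false
                       AdminCount = 1; LastLogonDate = $now.AddDays(-200); PasswordLastSet = $now.AddDays(-300) }
    [pscustomobject]@{ SamAccountName = 'jsmith'; Enabled = $true; ServicePrincipalName = @()
                       DoesNotRequirePreAuth = $false; PasswordNeverExpires = $false; PasswordNotRequired = $false
                       AdminCount = 0; LastLogonDate = $now.AddDays(-2); PasswordLastSet = $now.AddDays(-20) }
)

# Expect: svc-sql High (4-year-old SPN password) and Low, legacy-app High, old-da Medium, jsmith nothing.
$users | Test-AdUserRisk -Now $now | Format-Table Account, Severity, Why -AutoSize
```

Keeping the checks in a function that takes objects rather than calling Get-ADUser inside it is what makes the audit repeatable: the same code runs against a live domain, against an export saved during an engagement, or against constructed fixtures like the ones above when a new rule is being written.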