Active Directory – MrHacker

Data Breach

Apr 15, 2024

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to privileged identity management aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with continuous high-level privileges. […]

root

Vulnerabilities

Apr 03, 2024

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland Security (DHS) on Tuesday, found that the […]

root

Vulnerabilities

Feb 21, 2024

VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. “A malicious actor could trick a target domain user with EAP installed in their web browser into requesting […]

root

Data Breach

Feb 16, 2024

U.S. State Government Network Breached via Former Employee’s Account

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization’s network environment was compromised via an administrator account belonging to a former employee. “This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point,” the agency said in a joint advisory published Thursday […]

root

Malware

Dec 19, 2023

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. “Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations […]

root

Malware

Oct 12, 2023

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a “large-scale remote encryption attempt” made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant’s threat intelligence team is tracking the operator as Storm-1567. The attack leveraged devices that were not onboarded […]

root

Jul 21, 2023

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

The recent attack against Microsoft’s email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access […]

root

Vulnerabilities

Aug 20, 2022

CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed […]

root

Malware

Aug 18, 2022

Hackers Using Bumblebee Loader to Compromise Active Directory Services

The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. “Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration,” Cybereason researchers Meroujan Antonyan and Alon Laufer said in […]

root

Malware

Jul 14, 2022

A Simple Formula for Getting Your IT Security Budget Approved

Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the situation may not be hopeless. There are […]

root

Malware

Sep 28, 2021

Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers

Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. The tech giant’s Threat Intelligence Center (MSTIC) codenamed the “passive and highly targeted backdoor” FoggyWeb, making it the threat actor […]

root

Security Tools

Nov 04, 2018

ADModule – Microsoft Signed ActiveDirectory PowerShell Module

Microsoft signed DLL for the ActiveDirectory PowerShell module Just a backup for the Microsoft’s ActiveDirectory PowerShell module from Server 2016 with RSAT and module installed. The DLL is usually found at this path: C:WindowsMicrosoft.NETassemblyGAC_64Microsoft.ActiveDirectory.Management and the rest of the module files at this path: C:WindowsSystem32WindowsPowerShellv1.0ModulesActiveDirectory Usage You can copy this DLL to your machine and […]

root

Security Tools

Jul 17, 2018

LogonTracer – Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log

Investigate malicious logon by visualizing and analyzing Windows active directory event logs. Concept LogonTracer associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used. This tool […]

root

Vulnerabilities

Apr 26, 2018

How to find Vulnerabilities in Active Directory Settings?

An information security expert explains that Grouper is an unstable PowerShell module designed for use by pentesters and redteamers that filters the XML output of the Get-GPOReport cmdlet and identifies all the settings defined in the GPO group policy objects that may be useful for someone who tries to do something bad. Here are some examples of […]

root

Data Security

Apr 21, 2018

PowerShell, How to Automate an Active Directory Audit

A group of information security professionals that does active directory audits recently noticed that they are repeating themselves over and over again. So, the experts decided to write as much of this up as possible in a PowerShell script to make their lives easier. The experts chose PowerShell because they don’t want to drop an exe on […]

root

Malware

Jun 03, 2017

A Banking Trojan Called “QakBot ” Attack Thousands of Windows Active Directory and users to get locksout of their Company’s Domain

An Existing Banking Trojan called “QakBot ” attack Windows Active Directory users and leads to locks out the thousands of Active Directory users which caused a big impact for Organizations in terms of access their networked assets. Windows Active Directory performs a centralized Domain management control to authenticates, authorizes and Policy and Procedure. all users […]

root