Monday, February 12, 2024

Perception is Deception - Beware your Normalcy Bias...

 


 “...All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near...”
Sun Tzu, The Art of War

Monitoring Active Directory OUs and group membership changes is a Category One [HIGHEST] risk mitigation strategy, absolutely... however...

Are you monitoring [and using REAL TIME ALERTING?] for all of the Domain Admin "...equivalent..." OUs and groups? Not just Domain Admins, Enterprise Admins and Schema Admins, but the built-ins that can get an attacker there (Administrators, Account Operators, Backup Operators, Server Operators, Print Operators, DnsAdmins, Group Policy Creator Owners), plus every custom group or OU that has been delegated control over them?

...PROBABLY NOT...
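
One way to get that real-time alerting, as an added example (not code from the original post, and not from ThreatSTOP or ADSecurity): a PowerShell poller run on a domain controller that pulls the Security log for member add/remove events on the groups listed above (4728/4732/4756 and 4729/4733/4757) and for OU attribute changes and object moves (5136/5139), and raises one alert per change. The `$AlertWebhook` URL is a placeholder for whatever SIEM, chat or pager endpoint you actually use; the group list is the standard set of built-in Domain Admin-equivalent groups and is meant to be extended with your own delegated groups; and the script assumes the "Audit Security Group Management" and "Audit Directory Service Changes" subcategories (with a SACL on the OUs) are enabled.

```powershell
# Added example, not code from the original post: poll a domain controller's
# Security log for membership changes to Domain Admin-equivalent groups and for
# OU modifications/moves, and raise one alert per change. Run it on a DC (or
# against one via -ComputerName) every minute; keep the lookback a little longer
# than the interval so no event falls between two polls.
#
# Assumptions: "Audit Security Group Management" is enabled (4728/4732/4756 add,
# 4729/4733/4757 remove); "Audit Directory Service Changes" plus a SACL on the
# OUs is enabled for 5136/5139. $AlertWebhook is a placeholder endpoint.

$AlertWebhook = 'https://alerts.example.internal/hook'   # placeholder, not a real endpoint

# Built-in groups that are Domain Admin-equivalent or can escalate to it. Add any
# custom groups that are delegated control over these.
$Tier0Groups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Backup Operators', 'Server Operators', 'Print Operators',
    'DnsAdmins', 'Group Policy Creator Owners', 'Cert Publishers',
    'Key Admins', 'Enterprise Key Admins'
)

function Get-EventField {
    # Read a named EventData field from the event XML; positional Properties[]
    # indexes differ between event IDs, field names do not.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function New-Alert {
    param($Event, [string]$Change, [string]$Target, [string]$Detail)
    [pscustomobject]@{
        Time    = $Event.TimeCreated
        DC      = $Event.MachineName
        EventId = $Event.Id
        Change  = $Change
        Target  = $Target
        Detail  = $Detail
        Actor   = "$(Get-EventField $Event 'SubjectDomainName')\$(Get-EventField $Event 'SubjectUserName')"
    }
}

function Get-PrivilegedChange {
    param([int]$LookbackMinutes = 2, [string]$ComputerName = $env:COMPUTERNAME)
    $filter = @{
        LogName   = 'Security'
        StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
        Id        = 4728, 4729, 4732, 4733, 4756, 4757, 5136, 5139
    }
    # Get-WinEvent raises an error rather than an empty result when nothing matches.
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        if ($e.Id -in 4728, 4729, 4732, 4733, 4756, 4757) {
            $group = Get-EventField $e 'TargetUserName'          # the group that changed
            if ($Tier0Groups -contains $group) {                  # case-insensitive match
                $change = if ($e.Id -in 4728, 4732, 4756) { 'MemberAdded' } else { 'MemberRemoved' }
                New-Alert $e $change $group (Get-EventField $e 'MemberName')
            }
        }
        elseif ($e.Id -eq 5136 -and (Get-EventField $e 'ObjectClass') -eq 'organizationalUnit') {
            # Attribute change on an OU, e.g. a new gPLink or an nTSecurityDescriptor (ACL) edit.
            $detail = "$(Get-EventField $e 'AttributeLDAPDisplayName') = $(Get-EventField $e 'AttributeValue')"
            New-Alert $e 'OUModified' (Get-EventField $e 'ObjectDN') $detail
        }
        elseif ($e.Id -eq 5139) {
            # Object moved: a privileged object moved into a weaker OU inherits that OU's ACL and GPOs.
            New-Alert $e 'ObjectMoved' (Get-EventField $e 'OldObjectDN') (Get-EventField $e 'NewObjectDN')
        }
    }
}

function Send-Alert {
    param([Parameter(ValueFromPipeline)]$Alert)
    process {
        Write-Warning ("{0} {1} {2} -> {3} by {4}" -f $Alert.Time, $Alert.Change, $Alert.Target, $Alert.Detail, $Alert.Actor)
        Invoke-RestMethod -Method Post -Uri $AlertWebhook -ContentType 'application/json' `
            -Body ($Alert | ConvertTo-Json -Compress)
    }
}

Get-PrivilegedChange | Send-Alert
```

Register it as a scheduled task that runs every minute, or, for true real time, attach it to a Task Scheduler task triggered on those event IDs in the Security log and drop the lookback. Every alert should map to an approved change; anything that does not is your early warning.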

If you're looking for a spot near and dear to your CISO's heart, couple this with the one-two punch of implementing some top-shelf DNS Security Monitoring like "Digital Defense Cloud" from the great folks at ThreatSTOP in Carlsbad, California; you can thank me later...

As Will Smith would say, "...get jiggy wit it!..." and REALLY shrink your attack surface and improve your risk posture by getting this set up today!

A brief musical interlude...

See the attached articles and, if you really want the inside scoop, check out the excellent companion article at ADSECURITY.ORG for more on this topic.

SOME EXCELLENT REFERENCES on AD GROUP and OU monitoring, not for the faint of heart...

Microsoft Guidance

From the pros @ ADSECURITY.org

Tuesday, January 9, 2024

Part Two: Effortless Credential Harvesting

 

 

"...One popular means of credential access is the use of Mimikatz, described as the “AK47 of cyber”. The OverWatch team regularly sees Mimikatz used by both targeted adversaries and pen testers..."

Quote from CrowdStrike Co-Founder, Dmitri Alperovitch.

BOTTOM LINE UP FRONT:

Risk Awareness... it's got to be a cornerstone of your Attack Prevention Strategy... so where can you get a "...Cyber Security Early Warning System..."?

Since I am not attempting to sell you anything, I'll tell you the truth... you need a stellar DNS Security Tool as the Crown Jewel of your Attack Prevention Strategy. There are many players, mostly Johnny-come-latelies on the far side of the Technology Adoption Curve, fighting over the crumbs in the marketplace.

One of the only companies we recommend to our customers is "ThreatSTOP" from Carlsbad, CA. They have the de facto competitive advantage: the creator of DNS, Dr. Paul Mockapetris, is their Chief Scientist and has been on their team for over seventeen years. Hard to beat that!

SOME EXCELLENT REFERENCES on MIMIKATZ BASED CREDENTIAL HARVESTING

The BEST explanation ever!

Also great analysis...

Great walk-thru of a Mimikatz Credential Harvesting attack

Great non-technical backgrounder...