Hacks Weekly #61 – Man in the middle with MITM6 and NTLMRelay
What is MITM6? MITM6 is an advanced penetration testing tool that exploits default Windows DNS configurations to facilitate man-in-the-middle (MITM) attacks. It targets mainly networks where IPv6 is enabled but not actively used. By responding to DHCPv6 messages, MITM6 can redirect traffic from vulnerable Windows machines to an attacker’s system. These redirections take place because […]
Hacks Weekly #60 – PetitPotam Strikes Back: From (almost) Zero to Domain Admin
PetitPotam: How an NTLM relay attack can threaten Active Directory, Active Directory Certificate Services and your network PetitPotam is an advanced coercing attack and in combination with NTLM relay (NTLM redirection) attack it creates a serious threat to Active Directory (AD) infrastructures. By exploiting vulnerabilities in the EFS (Encrypted File System) RPC calls, PetitPotam can […]
Back to Basics: Identity Protection in Azure Active Directory
Identity Protection is a security feature in Azure Active Directory that helps to prevent, detect, and remediate identity risk in an organization. Using multiple detections, it monitors every login for identity compromise, sorting sign-ins into three categories of risk: low, medium, and high. These risk ratings can be used to create automated user risk policies […]
Group Managed Service Accounts (gMSA) vs. Service Accounts. How to use them?
Learn how to extract passwords from the service accounts and how to implement gMSA (group Managed Service Accounts) in order to manage the identity of services correctly.
User Secrets: How to Get Them Back Using Password Recovery Tools
What is DPAPI? Data Protection Application Programming Interface (DPAPI) is used in many Windows applications and subsystems. What is its purpose? For example: Credentials of Microsoft Outlook accounts stored in the registry; Credentials and encrypted cookies stored by Google Chrome; Credentials stored by IE in the registry under HKCU\Software\Microsoft\Internet Explorer; WiFi passwords saved in XML […]
How to Recover Corrupted EVTX Log Files and Extract Information
Find out: how to recover corrupted EVTX log files recover log files directly from a memory dump Watch the full video for more details and examples. Tools for EVTX file recovery Our experts developed this particular tool because there are so few options available online for fixing EVTX files. Try our CQEVTXRecovery tool. It is […]
How Forensic Experts Use Windows Prefetch
Prefetch files offer a digital snapshot of events inside your Windows operating system (OS). Because they are created when an executable program is run from a particular location for the very first time, forensic specialists can use these files to determine what was running and when. In the event of a cyber-attack, the timeline of […]
A Look Inside the Pass-the-PRT Attack
Discover what a Primary Refresh Token is and how cyber-criminals are exploiting it in two different ways to launch Azure Active Directory attacks.
Man-in-the-middle attack – everything you need to know to perform it
Find out how Paula J, CQURE Academy CEO performs Man-in-the-middle attack, to know what to be aware of.
Don’t Take Candy or USBs from Strangers – USB attack is the serious threat
Find out how Paula J, CQURE Academy CEO performs Man-in-the-middle attack, to know what to be aware of.