By leveraging snapshots, attackers can bypass security mechanisms and extract passwords or access tokens, allowing privilege escalation across the entire network. Watch the video above to find out how hackers can lay their hands on passwords by taking a snapshot of the running VM along with the memory and downloading the snapshot memory status files, […]
How can the Windows Mark-of-the-Web Protection be bypassed? 🦝 Amr Thabet, Malware Researcher & Incident Handler, presented some of the scenarios in episode 62 of our #HacksWeekly series! Windows Mark-of-the-Web Protection is just the first layer of protection. The problems start when users use 7-ZIP or delete the specific version of the file and download […]
What is MITM6? MITM6 is an advanced penetration testing tool that exploits default Windows DNS configurations to facilitate man-in-the-middle (MITM) attacks. It targets mainly networks where IPv6 is enabled but not actively used. By responding to DHCPv6 messages, MITM6 can redirect traffic from vulnerable Windows machines to an attacker’s system. These redirections take place because […]
PetitPotam: How an NTLM relay attack can threaten Active Directory, Active Directory Certificate Services and your network PetitPotam is an advanced coercing attack and in combination with NTLM relay (NTLM redirection) attack it creates a serious threat to Active Directory (AD) infrastructures. By exploiting vulnerabilities in the EFS (Encrypted File System) RPC calls, PetitPotam can […]
Identity Protection is a security feature in Azure Active Directory that helps to prevent, detect, and remediate identity risk in an organization. Using multiple detections, it monitors every login for identity compromise, sorting sign-ins into three categories of risk: low, medium, and high. These risk ratings can be used to create automated user risk policies […]
Learn how to extract passwords from the service accounts and how to implement gMSA (group Managed Service Accounts) in order to manage the identity of services correctly.
What is DPAPI? Data Protection Application Programming Interface (DPAPI) is used in many Windows applications and subsystems. What is its purpose? For example: Credentials of Microsoft Outlook accounts stored in the registry; Credentials and encrypted cookies stored by Google Chrome; Credentials stored by IE in the registry under HKCU\Software\Microsoft\Internet Explorer; WiFi passwords saved in XML […]
Find out: how to recover corrupted EVTX log files recover log files directly from a memory dump Watch the full video for more details and examples. Tools for EVTX file recovery Our experts developed this particular tool because there are so few options available online for fixing EVTX files. Try our CQEVTXRecovery tool. It is […]
Prefetch files offer a digital snapshot of events inside your Windows operating system (OS). Because they are created when an executable program is run from a particular location for the very first time, forensic specialists can use these files to determine what was running and when. In the event of a cyber-attack, the timeline of […]
Discover what a Primary Refresh Token is and how cyber-criminals are exploiting it in two different ways to launch Azure Active Directory attacks.
Do you want to receive the geekiest cybersecurity solutions, tools, and tricks, straight to your inbox?
Learn more about our offer in terms of Consulting. Our Cybersecurity Experts perform consulting work on a daily basis, hence we are fully prepared for any challenge.
Learn more about our offer in terms of Consulting. Our Cybersecurity Experts perform consulting work on a daily basis, hence we are fully prepared for any challenge.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
