Hacks Weekly #60 – PetitPotam Strikes Back: From (almost) Zero to Domain Admin
PetitPotam: How an NTLM relay attack can threaten Active Directory, Active Directory Certificate Services and your network PetitPotam is an advanced coercing attack and in combination with NTLM relay (NTLM redirection) attack it creates a serious threat to Active Directory (AD) infrastructures. By exploiting vulnerabilities in the EFS (Encrypted File System) RPC calls, PetitPotam can […]
Back to Basics: Identity Protection in Azure Active Directory
Identity Protection is a security feature in Azure Active Directory that helps to prevent, detect, and remediate identity risk in an organization. Using multiple detections, it monitors every login for identity compromise, sorting sign-ins into three categories of risk: low, medium, and high. These risk ratings can be used to create automated user risk policies […]
User Secrets: How to Get Them Back Using Password Recovery Tools
What is DPAPI? Data Protection Application Programming Interface (DPAPI) is used in many Windows applications and subsystems. What is its purpose? For example: Credentials of Microsoft Outlook accounts stored in the registry; Credentials and encrypted cookies stored by Google Chrome; Credentials stored by IE in the registry under HKCU\Software\Microsoft\Internet Explorer; WiFi passwords saved in XML […]
How to Recover Corrupted EVTX Log Files and Extract Information
Find out: how to recover corrupted EVTX log files recover log files directly from a memory dump Watch the full video for more details and examples. Tools for EVTX file recovery Our experts developed this particular tool because there are so few options available online for fixing EVTX files. Try our CQEVTXRecovery tool. It is […]
How Forensic Experts Use Windows Prefetch
Prefetch files offer a digital snapshot of events inside your Windows operating system (OS). Because they are created when an executable program is run from a particular location for the very first time, forensic specialists can use these files to determine what was running and when. In the event of a cyber-attack, the timeline of […]
A Look Inside the Pass-the-PRT Attack
Discover what a Primary Refresh Token is and how cyber-criminals are exploiting it in two different ways to launch Azure Active Directory attacks.
Man-in-the-middle attack – everything you need to know to perform it
Find out how Paula J, CQURE Academy CEO performs Man-in-the-middle attack, to know what to be aware of.
Don’t Take Candy or USBs from Strangers – USB attack is the serious threat
Find out how Paula J, CQURE Academy CEO performs Man-in-the-middle attack, to know what to be aware of.
The Attack That Can Fool Anyone. Don’t Ignore Social Engineering
Paula Januszkiewicz demonstrates a social engineering attack in which Evilginx is deployed to phish Microsoft Teams login credentials.
How to Bury Risk in the Sand? Configure Windows Sandbox for malware analysis
Windows Sandbox can protect your PC from malicious executables. Here’s how to install and configure it correctly from a security expert.