fbpx
cybersecurity
education
€ EUR
  • $ USD
  • € EUR

Hacks Weekly #60 – PetitPotam Strikes Back: From (almost) Zero to Domain Admin

PetitPotam: How an NTLM relay attack can threaten Active Directory, Active Directory Certificate Services and your network   PetitPotam is an advanced coercing attack and in combination with NTLM relay (NTLM redirection) attack it creates a serious threat to Active Directory (AD) infrastructures. By exploiting vulnerabilities in the EFS (Encrypted File System) RPC calls, PetitPotam can […]

Back to Basics: Identity Protection in Azure Active Directory

identity protection in azure

Identity Protection is a security feature in Azure Active Directory that helps to prevent, detect, and remediate identity risk in an organization. Using multiple detections, it monitors every login for identity compromise, sorting sign-ins into three categories of risk: low, medium, and high. These risk ratings can be used to create automated user risk policies […]

User Secrets: How to Get Them Back Using Password Recovery Tools

What is DPAPI? Data Protection Application Programming Interface (DPAPI) is used in many Windows applications and subsystems. What is its purpose? For example: Credentials of Microsoft Outlook accounts stored in the registry; Credentials and encrypted cookies stored by Google Chrome; Credentials stored by IE in the registry under HKCU\Software\Microsoft\Internet Explorer; WiFi passwords saved in XML […]

How to Recover Corrupted EVTX Log Files and Extract Information

How to Recover Corrupted EVTX Log Files and Extract Information

Find out:  how to recover corrupted EVTX log files  recover log files directly from a memory dump Watch the full video for more details and examples. Tools for EVTX file recovery Our experts developed this particular tool because there are so few options available online for fixing EVTX files. Try our CQEVTXRecovery tool. It is […]

How Forensic Experts Use Windows Prefetch

How Forensic Experts Use Windows Prefetch

Prefetch files offer a digital snapshot of events inside your Windows operating system (OS). Because they are created when an executable program is run from a particular location for the very first time, forensic specialists can use these files to determine what was running and when. In the event of a cyber-attack, the timeline of […]

A Look Inside the Pass-the-PRT Attack

Pass-the-PRT Attack

Discover what a Primary Refresh Token is and how cyber-criminals are exploiting it in two different ways to launch Azure Active Directory attacks.

How can we help you?

Suggested searches

    Search history

      Popular searches:

      Not sure what course to look for?

      Mobile Newsletter Form