Pass-the-hash is a popular attack technique for moving laterally inside the network that relies on two components – the NTLM authentication protocol and the ability to obtain password hashes. This attack allows you to log in to systems with a stolen hash instead of providing a clear-text password, so there is no need to crack those hashes. […]

There is a common problem in all environments with local administrative accounts, such as the local Administrator account, root accounts or any kind of application-specific built-in admin accounts, being set to a common password shared across all systems. It is a tough problem to solve at scale, because as soon as you get more than a […]

In the good old days, users on Windows machines had admin access by default, so malware and hackers didn’t really have to work hard to get the system completely compromised – they really just needed a single vulnerability in any user or system application to get fully privileged access to the system. […]

Default logging in Windows sucks: it doesn’t log much useful data and default storage quotas are ridiculously low. I mean 20Mb for a log? Really? When responding to incidents I often see that logging wasn’t configured properly in the environment, making it harder to spot any malicious activity, as well as limiting forensic evidence. Correct […]

There is an app commandlet for that

Allegedly dubbed Microsoft’s post-exploitation language, PowerShell is Microsoft’s attempt to provide a good command-line interface for administrators, developers and power users. Despite being 8 years old, it only recently started getting widespread adoption, with enterprises moving on to Windows 7 and 2008 environments. There is also increased use […]