Category Archives: Active Directory

Credential Access and lateral movement: What can attackers do with the stolen credentials?

Today I would like to cover two well-known tactics: Credential Access and Lateral Movement. Both of these tactics consist of relevant techniques that attackers have been using in the wild. Examples are Credential Dumping and Pass the Hash. Although these techniques are relatively old, they are still very important today. Having a good understanding on


DFIR: Windows and Active Directory Attacks and Persistence

Today I would like to focus on an improved version of my previous blog post about DFIR in Windows & Active Directory. We will cover examples of different attacker techniques and the ways attackers could persist in an environment. This will include everything from executing the techniques ourselves to diving into the traces they leave behind, and much


How to roll out Microsoft LAPS via GPO and why you should do it?

Local Administrator Password Solution (LAPS) is a password manager that can be used to automatically rotate the password of the built-in Administrator (RID-500) account on each individual workstation or server. The great thing about LAPS is that it doesn’t require any additional infrastructure to store passwords, and you don’t have to pay for it, because it is free. There are of course better solutions in the market
