The broadcast protocols NetBIOS over TCP/IP and LLMNR are used in most modern networks only for compatibility with legacy Windows versions. Both protocols are susceptible to spoofing and MITM attacks.…
In August 2020, Microsoft released an update to fix a critical Windows Server vulnerability in Active Directory — CVE-2020-1472 (more known as Zerologon) . This update was successfully installed on…
NTLM (NT LAN Manager) has been used as the basic Microsoft authentication protocol for quite a long time: since Windows NT. Although Microsoft introduced a more secure Kerberos authentication protocol…
Administrators often have to store passwords in automation scenario directly in the body of PowerShell scripts. As you know, it is extremely insecure when used in a productive environment, since…
In this article, I have tried to collect all major organizational and technical rules of using privileged / administrative accounts in the organization to improve security in the Windows network.…
In the previous article, we told that one of the ways to defending against mimikatz-like utilities is disabling the debug privilege for system administrators using Debug Program policy. However, recently…
The IT community remembered late June, 2017, due to massive infection of many largest companies and government institutions in Ukraine, Russia, Germany, France and some other countries with a new…
Mimikatz, a tool that allows to extract Windows credentials as plain text from LSA, is available since 2012. However, besides a well-covered feature of recovering passwords from the memory of…