Active Directory Blogs - Attivo Networks

Yanluowang Ransomware – Protecting Against Active Directory

Reading Time: 2 minutes
Written by: Venu Vissamsetty, VP of Security Research - Yanluowang is the latest targeted ransomware attack that enumerates Active Directory. It uses tools like ADFind to perform domain reconnaissance, escalate domain privileges, and deploy ransomware across the organization. Active Directory provides managed domain services such ...

New EMA Research Confirms Active Directory Is Under Attack

Reading Time: 3 minutes
Watch our recent webinar, “Visibility and Invisibility of Credential Protection” Authored by: Carolyn Crandall, Chief Security Advocate, Attivo Networks - Enterprise Management Associates (EMA) has now released a new research report commissioned in part by Attivo Networks. This report focused on Active Directory (AD), the ...

NOBELIUM: FoggyWeb backdoor targets Active Directory Federation Services

Reading Time: 3 minutes
Written by: Vikram Navali, Senior Technical Product Manager - Microsoft has published an in-depth analysis of a newly detected malware referred to as FoggyWeb. This post-exploitation backdoor can remotely exfiltrate sensitive information from a compromised Active Directory Federation Services (AD FS) server. The research team at ...

Active Directory, The Oft-Overlooked Attackers’ Crown Jewel

Reading Time: 4 minutes
Register for Nov. 3 webinar, “Chris Krebs: What’s Buried in Every Breach Report that No One is Talking About” Written by: Tony Cole - CTO, Attivo Networks - When you built your security strategy, was Active Directory a critical component of it? If not, you’re ...

Top 10 Ways to Protect Your Active Directory

Reading Time: 5 minutes
Register for the Oct. 20 webinar, “Visibility and Invisibility of Credential Protection” Authored by: Carolyn Crandall, Chief Security Advocate, Attivo Networks - Active Directory (AD) is a high-value target for attackers, who frequently attempt to compromise it to escalate their privileges and expand their access. ...

Detecting DSRM Account Misconfigurations

Reading Time: 2 minutes
Written by: Vikram Navali, Senior Technical Product Manager - During a Domain Controller (DC) promotion, administrators create a Directory Services Restore Mode (DSRM) local administrator account with a password that rarely changes. The DSRM account is an “Administrator” account that logs in with the DSRM ...

Windows Security Identifier (SID) History Injection Exposure

Reading Time: 3 minutes
Written by: Vikram Navali, Senior Technical Product Manager - Attackers often look for the easiest way to escalate privileges and bypass security controls. The Windows Security Identifier (SID) injection technique allows attackers to take advantage of the SID History attribute, escalate privileges, and move laterally ...

PetitPotam Attack – Have You Hardened Your Active Directory?

Reading Time: 2 minutes
Written by: Venu Vissamsetty - VP Security Research, Attivo Networks - Security researcher Gilles Lionel recently disclosed an attack technique named PetitPotam, allowing attackers to achieve domain compromise with just network access to the Enterprise infrastructure. The technique is a classic NTLM relay attack on ...

Credentials Harvesting from Domain Shares

Reading Time: 3 minutes
Written by: Vikram Navali, Senior Technical Product Manager - Credentials Harvesting is an attack technique adversaries employ after establishing a foothold inside an organization. The technique is to harvest or amass numerous credentials (username/password combinations) for reuse. It helps adversaries move internally to higher-value assets ...

Credential Dumping by Exploiting Security Support Provider

Reading Time: 2 minutes
Written by: Vikram Navali - Senior Technical Product Manager - Windows operating systems have authentication mechanisms to automatically execute libraries or programs when the computer system boots up or during the user account login. The organization can configure this function by placing these programs at designated ...

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free

FAST AND EASY

Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.


ADSecure 90-Day Free Trial

GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY

  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise