New LDAP & RDP Relay Vulnerabilities in NTLM

Posted by Yaron Zinar on Jul 11, 2017 10:01:54 AM

Over the past few months, the Preempt research team discovered and reported two Microsoft NT LAN Manager (NTLM) vulnerabilities. These vulnerabilities share a common theme: two different protocols handling NTLM improperly. These issues are particularly significant as they can potentially allow an attacker to create new domain administrator accounts even when best-practice controls such as LDAP server signing and RDP restricted admin mode are enabled.

Topics: Domain Controller, NTLM, Hacking, Threat Detection, Security Advisory, Microsoft

Taming ProjectSauron’s Evil Eye From Compromising Domain Controllers

Posted by Avi Kama on Aug 18, 2016 10:58:46 AM

In the past few days we all learned of the latest advanced cyber espionage spyware, ProjectSauron. An in-depth analysis published by Kaspersky Lab found it to be one of the most advanced pieces of cyber-warfare malware ever made. The malware was named ProjectSauron after a reference to the evil dark lord of Lord of the Rings was found embedded in the code.

Topics: APT, ProjectSauron, User and Entity Behavior Analytics, Domain Controller

Five Common Misconceptions In Enterprise Security Organizations - Part One

Posted by Eyal Karni on Jul 28, 2016 9:40:49 AM

In enterprise security organizations, decisions are often made without looking at the big picture. Putting together a security strategy is hard. And sometimes it’s impossible to fully understand the different features and advantages different security solutions provide versus what the organization really needs. Current trends, rumours, lack of security skills or the need to feel secure might have an impact on these decisions. Without a comprehensive knowledge of security, like good attackers or good security researchers often have, an organization can leave itself exposed.

Topics: Security Skills, APT, Domain Controller