Windows Hello for Business is a key component of Microsoft’s passwordless authentication strategy. It enables user authentication not only during system sign-in but also in conjunction with new and advanced features such as Personal Data Encryption, Administrator Protection, and Recall. Rather than depending on traditional passwords, Windows Hello leverages a PIN or biometric methods – such as fingerprint or facial recognition – to unlock cryptographic keys protected by the Trusted Platform Module (TPM).
BloodHound data collection, aka Sharphound, is quite a complex beast.
When giving BloodHound workshops, the part where I get the most questions is always data collection.
How is the BloodHound data collected? What methods do what? Who am I talking to? How do I fly under the radar? Continue reading “DogWhisperer’s SharpHound Cheat Sheet”
With the current situation, it’s not easy to find the right angle to start this blog post, so I won’t even try… but with Troopers cancelled, my Bloodhound workshop went down the drain, and I didn’t get a chance to meet or catch up with all of you and share my latest BloodHound adventures. So I decided to write a quick post to share all this…
Some weeks ago, Heinrich and I had the pleasure to participate in the heisec-Webinar “Emotet bei Heise – Lernen aus unseren Fehlern”. We really enjoyed the webinar and the (alas, due to the format: too short) discussions and we hope we could contribute to understand how to make Active Directory implementations out there a bit safer in the future.
The next major release of DirectoryRanger is now available for customers, and for everyone who would like to try it ;-). Current attacks show that quite often the topic of Active Directory Security is not on the security agenda, but it should be, and this was the reason for us to build the tool and, of course, to maintain and improve it. So what are the major new features released with DirectoryRanger 1.5.0? Here we go:
Heise berichtet aktuell öffentlich über die Emotet-Infektion im eigenen Haus, bei dessen Aufklärung ERNW unterstützte. Damit liefert Heise Informationen zum Verlauf aktueller Angriffe, aber insbesondere auch wertvolle Einsichten zu Vorbeugung, Erkennung, Analyse und Gegenmaßnahmen aus eigener Erfahrung, wie sie nur selten der Öffentlichkeit preisgegeben werden.
Ein Team aus Incident-Response Spezialisten der ERNW Research unterstützte Heise bei der Analyse und Rekonstruktion des Vorfalls und analysierte die Schadsoftware, um deren Ausbreitungswege nachzuvollziehen und IoCs (Indicators of Compromise) zu extrahieren. Hierdurch konnten effektive Gegenmaßnahmen entwickelt und gemeinsam mit Heise erfolgreich umgesetzt werden.
Im Zuge dessen unterstützten Active-Directory-Spezialisten der ERNW Heise bei der Konzeption und dem Wiederaufbau eines neuen Active Directory. Im heisec-Webinar am 3. Juli berichtet Heise über den Incident und die wichtigsten Erkenntnisse daraus. Dabei sein werden zwei unserer Active Directory-Security-Spezialisten. Sie werden Konzepte und Verfahren für ein sicheres, resilientes und trotzdem betreibbares Active Directory vorstellen und den Teilnehmern mit Tipps für Containment nach einer Infektion und in gemeinsamer Diskussion zur Verfügung stehen.
As promised in my previous post, I am back for an overview of the Troopers19 – Active Directory related talks… Videos have been published and it’s popcorn time… So if you are into stories about Kingdoms and Crown Jewels, grab your loved one [or a drink…] and turn the lights down low, ’cause tonight it’s “Troopers & Chill…”
Back from Holidays, you started the year well motivated to make the world a safer place.
However, sitting at your desk today you realize nothing really changed since last year, and you are surfing the web, feeling a bit blue, trying to avoid that pile of emails waiting for you and wondering how you could gain some visibility on your domain in order to better defend it.
No worries, emails can wait a bit longer. All you need is some fresh air and something cool to keep your defensive mind motivated for the year, and I might have just what you need; so put on your shoes and let me take you on a 15 minute Cypher walk with a cool blue dog…