Collecting information about the domain environment with SharpHound A program that collects domain environment data – SharpHound is a component of the BloodHound tool. The collection of environmental data starts when SharpHound.exe is run on one of the computers. The entire BloodHound package can be downloaded (Figure 32) from the address: https://github.com/BloodHoundAD/BloodHound/releases After downloading and …
Dawid Farbaniec
Part 1. Windows security: reconnaissance of Active Directory environment with BloodHound.
Windows security: reconnaissance of Active Directory environment with BloodHound. In this article we will take a closer look at the BloodHound tool – Six Degrees of Domain Admin. The application was developed in JavaScript and built using the Electron platform. The graphical visualization uses the Neo4j database. During the experiment, we will use a Windows …
Part 1. Windows security – what is LSASS dump. How to protect against it?
Windows security – what is LSASS dump. How to protect against it? The ability of Advanced Persistent Threat (APT) groups and other threat actors to take a dump of Windows credentials is a serious threat especially to enterprises and other organizations. The MITRE ATT&CK knowledge base, which is created primarily to support defense against cyber …
Part 2. Windows security – what is LSASS dump. How to protect against it?
Bypassing LSA Protection (RunAsPPL) with Mimikatz Mimikatz is a tool by Benjamin Delpy for extracting Windows credentials in various ways. Important note: It is possible that running Mimikatz on Windows 10 will end in an error: kuhl_m_sekurlsa_acquireLSA ; Key import It may be helpful to use an older version, specifically Mimikatz v2.1.1 from here: https://github.com/gentilkiwi/mimikatz/files/4167347/mimikatz_trunk.zip …