New Microsoft Exchange Vulnerability Exposes Domain Admin Privileges: Here’s What to Do

Microsoft, NTLM
Last week, the CERT Coordination Center (CERT/CC) issued a vulnerability note warning that Microsoft Exchange 2013 and newer versions are vulnerable to an NTLM relay attack that allows attackers to gain domain admin privileges. Organizations that rely on Microsoft Exchange are currently at risk of a serious data breach ...
Enterprises continue to suffer from poor password hygiene and a lack of visibility & control over privileged users

It has been more than a year since I last shared Preempt Inspector statistics. Last time we shared Preempt Inspector statistics we found some alarming numbers. With the end of 2018 approaching, I would like to share with you key findings from Preempt Inspector to help you focus on the ...
Is Your Organization at Risk Because a Local Administrator Has a Weak Password?

passwords, Stealthy Admin
In July, media reported that SingHealth, Singapore’s largest health organization, was breached with 1.5 million medical records stolen. The stolen records included those of Singapore’s prime minister Lee Hsien Loong. Consequently, a special inquiry took place, revealing that SingHealth had several security gaps and vulnerabilities which could have easily ...
LDAP & RDP Relay Vulnerabilities in NTLM - Demonstration

The Security Risks of NTLM: Proceed with Caution

Active Directory, KERBEROS, NTLM, risk
NTLM (NT LAN Manager) is Microsoft's old authentication protocol that was replaced with Kerberos starting with Windows 2000. It was designed and implemented by Microsoft engineers for the purpose of authenticating accounts between Microsoft Windows machines and servers. Even though it has not been the default for Windows deployments for more ...
Is Your PAM Solution Enough to Block Credential Theft?

I was recently working with a large US-based company that suffered from repeated breaches to their corporate network. After we deployed the Preempt Platform and started monitoring all traffic, we quickly found several hacked privileged accounts that attackers were using. The interesting thing was that all privileged accounts were protected ...
Disrupting the Cyber Kill Chain: How to Contain Use of Tools and Protocols

Preventing lateral movement and unauthorized domain access due to the misuse of network credentials - especially due to reconnaissance tools looking for weak spots - is a challenge plaguing many enterprises. In fact, it’s a decades-old security problem. A major issue for enterprises has been how to detect and contain ...
Exploiting Authentication in Microsoft Remote Desktop Protocol (MS-RDP)

Security Advisory: Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP (Video)

On March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt researchers. The vulnerability consists of a logical flaw in the Credential Security Support Provider protocol (CredSSP), which is used by RDP (Remote Desktop Protocol) and Windows Remote Management (WinRM) and takes care of securely forwarding credentials ...