Extracting Kerberos Credentials from PCAP

NetworkMiner is one of the best tools around for extracting credentials, such as usernames and passwords, from PCAP files. The credential extraction feature is primarily designed for defenders, in order to analyze ...

NetworkMiner 2.5 Released

I am happy to announce the release of NetworkMiner 2.5 today! This new version includes new features like JA3 and parsers for the HTTP/2 and DoH protocols. We have also added support ...

10 Things You Need to Know About Kerberos

As our research team continues to find vulnerabilities in Microsoft that bypass all major NTLM protection mechanisms, we start to wonder about the successor protocol that replaced NTLM in Windows versions above ...

NetworkMiner 2.4 Released

We are proud to announce the release of NetworkMiner 2.4 today! The new version comes with several improvements, such as username extraction from Kerberos traffic, better OS fingerprinting and even better Linux ...

The Security Risks of NTLM: Proceed with Caution

NTLM (NT LAN Manager) is Microsoft's old authentication protocol that was replaced with Kerberos starting Windows 2000. It was designed and implemented by Microsoft engineers for the purpose of authenticating accounts between ...

Definition of Cloud Identity and Access Management (IAM)

Identity and access management (IAM) is a cornerstone of IT and has been for decades. Yet, with the majority of traditional on-prem IT infrastructure migrating to the cloud via vendors such as ...

From Public Key to Exploitation: How We Exploited the Authentication in MS-RDP

In March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a critical vulnerability that was discovered by Preempt. This vulnerability can be classified as a logical remote code execution (RCE) vulnerability. It ...

Security Advisory: Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP (Video)

In March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt researchers. The vulnerability consists of a logical flaw in Credential Security Support Provider protocol (CredSSP) which is ...