Besides BloodHound from @_wald0 + @SpecterOps and PingCastle from @mysmartlogon, what other open source or free tools should every organization be running on a regular basis?
Here's some recently published guidance from Trimarc on how to better protect admin credentials and mitigate ransomware impact:
https://t.co/Azsy0c1lBr
I'm releasing my tool to exploit AD CS relaying. It will automate most of the steps required for both local and domain privilege escalation. The images below show how it can be used to get a beacon as system on a domain controller.
My lockdown project last year was to build a toolkit to help organisations break attack chains and better defend against lateral movement. I'm very proud of what we've achieved with Access Manager. LAPS and JIT for AD-joined hosts made easy, secure, and auditable.
For Windows Event Collection with no agents on the machine, LogBinder SuperCharger is the coolest software. I even got them to add all the Palantir event collection profiles by default. You could implement NSA-compliant collection in a few hours for a whole domain, load-balanced.
Here's a thread on some overpowered technologies to slow down attackers that you can implement _now_.
First, re-implement LAPS (https://t.co/GvdXwpy52L) at your peril.
1/14
Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.