Mimikatz is an application that allows you to view, save and use authentication credentials, and much more.
The following examples are simple and do not require a master's degree in computer science. As an admin you should go through the article to make sure you know how to protect your infrastructure from a Mimikatz attack, especially if you still run older operating systems!
Everything seems to be OK and nobody complains, but there is always room for improvement, especially when it comes to security.
Unfortunately, an up-to-date operating system and an antivirus solution are no longer sufficient to be safe. Assessments help you get an overview of risks, misconfigurations, legacy configurations and possible optimisations.
Active Directory Assessments
Microsoft RAP as a Service
Microsoft offers a service called "RAP as a Service" where you can choose (not for free!) assessments of multiple technologies. One of their offerings is an Active Directory Security RAP. The assessment opens your eyes to what is not optimally configured and fills the task list of everyone responsible for AD. The service is quite good, but there is one problem: you need a "Microsoft Premier Support contract". Not every company has such a contract, as they are expensive and third parties offer similar support offerings.
In addition to these paid offers, there are also freely usable tools.
PingCastle
PingCastle is an Active Directory security assessment tool that helps detect security issues, gives an overview of the technical situation and provides guidance and advice on fixing the issues.
There is a free version with basic functionality. The tool scans your Active Directory objects, permissions, GPOs and much more (remote SMBv1 check, specific user permission scan, ...) and generates a report against more than 100 checks that yields an indicator of the domain's risk level. Each finding can then be remediated by going through its own documentation.
If you need more features, there are three paid versions that come with additional benefits.
I want to share my experience with a product called safepass.me
Some months ago I was searching for a product that prevents users from choosing "unsafe" passwords when they change their password. In simple words: a password filter.
I found some self-made solutions that could have been adapted, but they rely on a huge database or on additional infrastructure, and others require a direct connection to the internet (see Links). As the solution must run on every Domain Controller, the non-commercial solutions, the ones using additional infrastructure and the products requiring an internet connection were not an option.
Finally, I found safepass.me, which uses a special technique to keep the amount of data (the denied-password list) small, and no data is sent to the internet. The denied-password list is stored locally on every Domain Controller.
Insecure passwords
Unsafe passwords are passwords that can be cracked easily because of insufficient length or complexity, or because they already appear in lists of known (breached) passwords.
At first glance, the following passwords look quite safe. They satisfy a typical complexity policy (upper- and lower-case letters, digits and at least 8 characters), so they should be safe. But no, they aren't! Every one of them is a known, breached password that a dictionary-based attack will try early:
Passwort2
Herbst18
Abc@12345
Winter17
Albert123
P@ssw0rd!
Winter18
123qweASD
Aaa123456
July2018
Monkey123
Welcome11
Check the passwords above, or your own password, on Have I Been Pwned to see how safe they are. The Pwned Passwords search is built so that only the first five characters of the password's SHA-1 hash are sent to the service (k-anonymity); the password itself never leaves your machine. Even so, do not submit a password that is currently in use on an account you cannot rotate afterwards.
When a user changes their password, the safepass.me component on each Domain Controller checks the new password against the known passwords in its local database and rejects any that are compromised. The local database is a size-reduced version of the Have I Been Pwned Pwned Passwords list, so the check works without any internet connection from the Domain Controller.
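To make the mechanism behind such a filter concrete, here is an added example in Python. It is not code from safepass.me or from Have I Been Pwned: it builds a local breached-password store from the list above (with made-up breach counts), answers "range" lookups in the same text format the Pwned Passwords API uses, and decides on a proposed password the way a filter on a Domain Controller would. The function `fetch_range()` is an offline stand-in for the real HTTPS call, and the season/month heuristic is an assumption of this example, not a documented safepass.me feature.

```python
"""k-anonymity lookup against a locally held breached-password list.

Added example for this page; it is not safepass.me or Have I Been Pwned code.
KNOWN_PASSWORDS, its counts and the season/month heuristic are constructed
assumptions; fetch_range() is an offline stand-in for the real HTTPS call.
"""
import hashlib
import re
from collections import defaultdict

# Constructed corpus: the passwords listed on this page with made-up breach counts.
KNOWN_PASSWORDS = {
    "Passwort2": 3, "Herbst18": 12, "Abc@12345": 540, "Winter17": 80,
    "Albert123": 21, "P@ssw0rd!": 3150, "Winter18": 95, "123qweASD": 11,
    "Aaa123456": 2, "July2018": 4, "Monkey123": 230, "Welcome11": 17,
}


def sha1_hex(password):
    """Pwned Passwords is keyed by the upper-case hex SHA-1 of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_store(passwords):
    """Bucket hashes by their first 5 hex chars, the way the API serves 'ranges'.
    Each bucket maps the remaining 35 hex chars (the suffix) to a breach count."""
    store = defaultdict(dict)
    for pw, count in passwords.items():
        digest = sha1_hex(pw)
        store[digest[:5]][digest[5:]] = count
    return store


RANGE_STORE = build_range_store(KNOWN_PASSWORDS)


def fetch_range(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    Mirrors the API's response format: one 'SUFFIX:COUNT' line per hash."""
    if len(prefix) != 5:
        raise ValueError("range queries take exactly 5 hex characters")
    bucket = RANGE_STORE.get(prefix.upper(), {})
    return "\r\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


def pwned_count(password):
    """How often the password appears in the corpus; 0 if unseen.
    Only the 5-char prefix is looked up; the suffix comparison happens client-side."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if not line:
            continue
        cand_suffix, count = line.split(":")
        if cand_suffix == suffix:
            return int(count)
    return 0


# Added heuristic, not part of safepass.me: season or month followed by a year,
# the pattern behind 'Winter17', 'Herbst18' and 'July2018' on this page.
SEASON_YEAR = re.compile(
    r"^(winter|spring|summer|autumn|fall|herbst|sommer|fruehling"
    r"|january|february|march|april|may|june|july|august|september"
    r"|october|november|december)\d{2,4}$",
    re.IGNORECASE,
)


def check_new_password(password):
    """Decision a DC-side password filter would return for a proposed password."""
    if len(password) < 8:
        return False, "shorter than 8 characters"
    if SEASON_YEAR.match(password):
        return False, "season or month followed by a year"
    seen = pwned_count(password)
    if seen:
        return False, f"seen {seen} times in breach corpora"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("P@ssw0rd!", "Herbst18", "correct horse battery staple"):
        print(pw, "->", check_new_password(pw))
```

Because the store is keyed by the 5-character hash prefix, a lookup reveals only which of 16^5 buckets a password falls into, which is why the same scheme can be used against a remote service without disclosing the password. A product that keeps the list on the Domain Controller, as described above, avoids even that exposure, since the lookup never leaves the DC.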