Use and prevent Mimikatz

Mimikatz is an application that allows you to view, save and use authentication credentials, and more.

The following examples are simple and do not require a master’s degree in computer science. As an admin you should go through the article to make sure you know how to protect your infrastructure against a Mimikatz attack, especially if you use older operating systems!


Securing Active Directory

Everything seems to be ok and nobody complains, but there is always room for improvement. Especially when it comes to security.

Unfortunately, an updated operating system and antivirus solution are no longer sufficient to be safe. Assessments help to get an overview of risks, misconfigurations, legacy configurations and possible optimisations.

Active Directory Assessments

Microsoft RAP as a Service

Microsoft offers a service called “RAP as a Service” where you can choose (not for free!) assessments of multiple technologies. One of their offerings is an Active Directory Security RAP. The assessment opens your eyes to what is not optimally configured and fills the task list of everyone responsible for AD. The service is quite good, but there is one problem: you need a “Microsoft Premier Support contract”. Not every company has such a contract, as they are expensive and third parties offer similar support offerings.

Give it a try if you’re eligible to use it: https://services.premier.microsoft.com/assess?Culture=en-US

In addition to these paid offers, there are also freely usable tools.

PingCastle

Ping Castle is an Active Directory security assessment tool which helps to detect security issues, get an overview of the technical situation and provides guidance and advice to fix the issues.

There is a free version available with basic functionality. The tool scans your Active Directory objects, permissions, GPOs and much more (remote SMBv1 check, specific user permission scan, …) and generates a report against more than 100 checks to get an indicator of the domain risk level. Each finding can then be remediated by going through its documentation.

If you need more features, there are three paid versions which come with additional benefits.

Give it a try!

https://www.pingcastle.com/

https://github.com/vletoux/pingcastle

Active Directory password filter

I want to share my experience with a product called safepass.me.

Some months ago I was searching for a product which prevents users from choosing “unsafe” passwords when changing their password. In simple words: “a password filter”.

I found some self-made solutions which could be adopted, but they rely on a huge database or additional infrastructure, and others require a direct connection to the internet (see Links).
As the solution must run on every Domain Controller, the non-commercial solutions, the ones using additional infrastructure and the products requiring an internet connection did not make the cut.

Finally, I found safepass.me, which uses a special technology to keep the amount of data (the denied passwords list) small, and no data is sent to the Internet. The “denied password list” is stored locally on every Domain Controller.

Insecure password

Unsafe passwords are passwords which can be cracked easily because of their length and complexity, or which are simply already known (leaked) passwords.

At first glance, the following passwords look quite safe. They are complex and have at least 8 characters, so they should be safe. But… no, they aren’t!

  • Passwort2
  • Herbst18
  • Abc@12345
  • Winter17
  • Albert123
  • P@ssw0rd!
  • Winter18
  • 123qweASD
  • Aaa123456
  • July2018
  • Monkey123
  • Welcome11

Check the passwords above or your own password on Have I Been Pwned to see how safe it is:

https://haveibeenpwned.com/Passwords

How safepass.me works

When a user changes their password, the safepass.me application on each Domain Controller checks the new password against known passwords in the local database and blocks all compromised passwords. The local database is an improved (reduced size) version of the HaveIBeenPwned password list.
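The following is an added example (not safepass.me’s code and not part of the original post) showing why every password from the list above passes a length/complexity rule but is still rejected by a local denied-password check, which is the whole point of a password filter. The truncated-hash storage is an assumption chosen for illustration, not a description of how the product stores its list.

```python
import hashlib
from bisect import bisect_left

# Constructed sample denylist: the passwords the post lists as unsafe. A real
# deployment ships a pre-built list of millions of hashes, never the plaintexts.
SAMPLE_COMPROMISED = [
    "Passwort2", "Herbst18", "Abc@12345", "Winter17", "Albert123", "P@ssw0rd!",
    "Winter18", "123qweASD", "Aaa123456", "July2018", "Monkey123", "Welcome11",
]

# Assumed storage scheme (illustrative, not the product's): keep only the first
# 8 bytes of each SHA-1 as a 64-bit integer, sorted, so the list stays compact
# and a lookup is a binary search. Truncation can only cause a rare false
# rejection; it can never let a listed password through.
PREFIX_BYTES = 8

def sha1_prefix(password: str) -> int:
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return int.from_bytes(digest[:PREFIX_BYTES], "big")

DENIED = sorted(sha1_prefix(p) for p in SAMPLE_COMPROMISED)

def meets_complexity(password: str, min_length: int = 8) -> bool:
    """Minimum length plus three of four character classes (modelled on the AD default)."""
    if len(password) < min_length:
        return False
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(classes) >= 3

def is_compromised(password: str) -> bool:
    """True if the password's hash prefix is present in the local denied list."""
    key = sha1_prefix(password)
    i = bisect_left(DENIED, key)
    return i < len(DENIED) and DENIED[i] == key

def evaluate(password: str) -> str:
    """Decision a password filter would hand back to the DC on a password change."""
    if not meets_complexity(password):
        return "rejected: does not meet length/complexity policy"
    if is_compromised(password):
        return "rejected: password is on the compromised list"
    return "accepted"

if __name__ == "__main__":
    for pw in SAMPLE_COMPROMISED + ["abc", "correct horse battery staple 42"]:
        print(f"{pw:32} complex={meets_complexity(pw)!s:5} -> {evaluate(pw)}")
```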

Installation

  • Download the current version from http://safepass.me/download
  • Install the application on every Domain Controller.
  • Save the license file on each Domain Controller under C:\Windows\System32\safepassme\safepassme.lic
  • Done

Links