Understanding MS14-068
In November 2014, Microsoft issued a critical patch addressing a Kerberos issue on domain controllers. This vulnerability enables an attacker to leverage any authenticated session to create a Kerberos ticket which can have any group membership in the Active Directory domain, to include membership in domain admins, schema admins, enterprise admins, or BUILTIN\Administrators. In addition, a …
Month: December 2014
Cyber Warfare and the New Cold War
The Cold War was a unique period in history; a period of high political tension lasting for almost 45 years whereby the world was divided into distinct categories of extremely capable countries. The term “Cold War” was coined by George Orwell in an article entitled “You and the Atomic Bomb” published in the Tribune on …
Recovering Active Directory after Targeted Attack Compromise
Over the past few years, I have had the opportunity to assist various organizations in detecting and removing attackers from large enterprises. Throughout these efforts, I have noticed that remediation of this condition is a difficult and technically challenging task. As a result, I decided to take this on as a challenge and develop a generalized …