Get a Pentest and security assessment of your IT network.

News

Where pass-the-hash attacks could be hiding

Windows creates the account, gives it a password, and uses it behind the scenes. Windows gives them random, long, and complex passwords. The real threat from a computer account is its storage password hash. Service accounts often belong to elevated groups, such as Domain Computers. One enterprising advanced persistent threat even hijacked the built-in krbtgt account, which is used by Kerberos authentication. To see what groups a domain-joined computer belongs to, at an elevated prompt type the following: “Domain Computers””]

Source: https://www.csoonline.com/article/2609584/where-pass-the-hash-attacks-could-be-hiding.html

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Botnet authors use Evernote account as C&C Server

News

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2