Server Message Block: SMB Relay Attack
In this blog post we are going to discuss the SMB Relay Attack, a type of attack that relies on NTLM version 2 authentication, which is normally used in most companies. Unfortunately, when we listen to what is going on in the network, we are able to capture a certain part of the traffic related to the authentication and relay it to other servers.
Memory Dump Analysis – extracting juicy data
In this post I will show you how to perform a memory dump and how to extract information from it using different types of tools. This is well worth learning for incident response work: extracting information from memory gives us a little more insight into what was, or is, running in the operating system at that moment.
Microsoft Local Admin Password Solution (LAPS) – Deployment Steps
Local administrator passwords on servers and workstations are usually unmanaged or set to be the same. In both cases, this is a mistake. In this tutorial you will learn how to manage passwords centrally and make sure that they are different on every computer in the enterprise. The goal is that if someone gets into one of the computers and steals local hashes, they are not able to single sign-on to the other computers.