Heimadal Security

JANUARY 27, 2023

Today I am going to talk about one of these strategies: the Kerberos authentication protocol. What Is Kerberos? As you know, normally, users […] The post What Is Kerberos Authentication? appeared first on Heimdal Security Blog.

Authentication 73

Authentication Cybercrime Cybersecurity 73

Security Boulevard

OCTOBER 24, 2023

What we are interested in exploring is what defenders can do beyond those steps. What portions of the organization’s recovery process meet a minimum expectation to cut back the adversary’s stolen access? We will mention any related blogs, tools, or variations of the attack performance.

Backups 69

Backups Passwords Authentication Accountability 69

Security Boulevard

JUNE 22, 2023

What is Tier Zero — Part 1 Tier Zero is a crucial group of assets in Active Directory (AD) and Azure. In this blog post series, we will explain how we define Tier Zero and explain what common assets we recommend to be part of Tier Zero. This blog post was written together with Elad Shamir and Justin Kohler.

Backups 59

Backups Accountability Passwords Authentication 59

Duo's Security Blog

APRIL 6, 2022

One common hurdle for systems administrators setting up new Duo Unix integrations is PAM — Pluggable Authentication Modules. What is PAM? PAM stands for Pluggable Authentication Modules. It is used to standardize authentication for Linux systems. What Does Duo Use PAM For? Setting Control Flags.

Authentication 63

Authentication Passwords Backups System Administration 63

Security Boulevard

JULY 7, 2022

I knew very little about Windows authentication at the time, so when the other red teamer investigated the idea and told us it wasn’t possible, I left it at that. I’ll go over the motivation for this approach, the technical background of why it’s possible and what changed in 2016, and briefly show what Koh can do. Motivation.

Accountability 52

Accountability Social Engineering Authentication Engineering 52

Security Boulevard

JANUARY 17, 2024

This blog post describes methods that SpecterOps consultants have researched to successfully circumvent this technology during offensive assessments. What is RBI and Why Use It? Well, my friend, RBI has many more implications than what the vendors provide at face value. Authored By: Lance B. Why Do We Care?

DNS 64

DNS Penetration Testing Passwords Encryption 64

Pen Test Partners

AUGUST 24, 2023

In hindsight I should have submitted a 45-minute talk as there were some elements missing from what I presented, based on additional research since submitting the CFP. With that in mind, and for those that weren’t able to attend, here’s a follow-up blog post.

DNS 52

DNS Authentication Accountability Passwords 52