Research and Development

RGH

When attempting to gain a foothold into a Windows Domain, an attacker will often attempt one or two likely passwords against every user in the Active Directory, a so-called horizontal password guessing attack. A small number of failed logons per user will usually not trigger a user account lockout policy and can be very effective. This post will provide an example solution to detecting such attacks in near real time, using only native Windows tools. Continue reading

Some time ago I was on an internal infrastructure pentest job where I found a web server that hosted the TimeLive application. I had never heard of this application, and since I was looking at a login page, I opened a browser to my favourite search engine. The following is a brief explanation of things that I shouldn’t have found. Continue reading

Winlanfoe is a tool that parses the output from enum4linux and displays Domain/Workgroup membership, IP address, Operating System (OS) information and if a host is a domain controller. It is intended to provide an overview of the Samba network structure as reported by enum4linux. Continue reading