8월 22, 2022
Singularity™ Identity vs Creating Active Directory Objects
The attack on Cisco shows that identity-based attacks are a leading threat vector used in data breaches. From the perspective of a threat actor, targeting identity and access management gaps through compromised credentials is the quickest path to reaching a target’s resources and critical data. Attackers are very aware that Active Directory is the crown jewel of a business, granting them the ability to exfiltrate sensitive information, install backdoors, alter security policies, and more.
The threat actor leveraged machine accounts for privileged authentication and lateral movement across the environment, created an administrative user called “z” on the system using the built-in Windows “net.exe” commands, and executed additional utilities such as ADfind or secretsdump. Additionally, the threat actor was observed attempting to extract registry information, including the SAM database on compromised windows endpoints.
Singularity™ Identity prevents the discovery of AD objects using tools like ADfind and stops the dump of credentials from different credential stores. In addition, singularity™ Ranger AD detects suspicious Service Creation on DCs and reports abusing system services or daemons to execute commands or programs.
관련 리소스
데이터시트
Singularity™ Complete AI 지원 엔드포인트와 클라우드 보안
점점 더 복잡해지는 보안 아키텍처와 데이터 소스, 제한된 리소스, 더욱 정교해지는 공격에 직면한 보안 팀은 AI 지원 공격 세례에 대비하느라…
지금 읽기
Resource
SentinelOne PartnerOne - America's 2025
⛳️ Last week in Pebble Beach the America's best cybersecurity partners came together for our annual PartnerOne summit. Check out…
View Asset