Detecting Kerberoasting

Kerberoasting is an effective method for privilege escalation, pivoting, and even persistence. Let’s take a look at ways to detect (and prevent) this attack.

On Purple

The “Purple Team” term has been flying around for a while now and it is an important development in our growth as an industry. If you haven’t heard the term before, it is a sharing and collaboration between the Red Team (offense) and the Blue Team...

Logging Passwords on Linux

Hal Pomeranz tipped me off to a nasty little trick of using Linux’s own auditing features and PAM to grab clear text passwords from users as they use sudo/su on the command line. Linux PAM (Pluggable Authentication Modules) are a flexible method of implementing...