• Home
  • Demo
  • Contact
 
  • Home
  • Our Story
    • Overview
    • Testimonials
    • Industry Recognition
    • Leadership
    • Board of Advisors
  • Our Products
    • Threat Landscape
    • Javelin AD | Protect
    • How It Works
    • IR, Hunting, Breach Containment
    • Solution Architecture
    • Features & Benefits
  • AD Assessment
  • Blog
  • News
  • Press Releases
  • Eyal Neemany Mar 07, 2017

    Detect Pass-The-Ticket and Pass-The-Hash Using Powershell

    By Eyal Neemany | March 7, 2017

    PTH and PTT attacks are commonly known methods that attackers use for their lateral movement in a domain environment. We’ve seen them for a long time in the industry, but the constant pursuit after the detection of those attack methods isn’t over yet.

     

     

    They’re really hard to detect because these attacks leverages legitimate Active Directory operations in order to achieve their goals, which is eventually – getting higher permissions inside the domain environment context, and being able to move laterally into more sensitive and desirable locations.

    Read More..

    [gs_lp_like_post] 0 responses

    Tags

    Active Directory apt10 cia DFIR espionage Forensics Incident Response IR Mimikatz nsa Powershell ransomware Samas

    Categories

  • Blog
  • Press Releases
“LETS PLAN AN APT”
GET THE A3 POSTER
THE TRUTH BEHIND APT
Get the White Paper now
DOWNLOAD
AD ASSESSMENT
Exposed? At risk? Check if an attack left backdoors or hooks behind.
GET AD ASSESSMENT
Story
  • Testimonials
  • Industry Recognition
  • Leadership
  • Board of Advisors
  • Contact Us
  • Blog
Products
  • Threat Landscape
  • Javelin AD | Protect
  • How It Works
  • IR, Hunting, Breach Containment
  • Solution Architecture
  • Features & Benefits
  • Javelin
  • Privacy
  • Terms of Use