New challenge on ACEResponder.com!
Could you identify a modern phishing attack? You think you can, but can you?
This challenge features a large domain with lots of fresh malware samples. Investigate, scope, write detections.
Real SIEM, Real Attacks, Real Experience…
This technique is not easy to detect.
In this example the attacker places a crafted .lnk file on a common file server. Any user that browses the folder will surrender their NetNTLM hash without ever clicking on the file.
After receiving the authentication attempt, the attacker can either:
1. Relay the credentials to a victim with insecure SMB configuration, or
2. Attempt to crack the NetNTLMv2 hash
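A triage check for the technique in the post above, as an added example that is not part of the original post: it flags `.lnk` files on a share that reference a UNC host outside an allowlist of known file servers. The byte-level UNC scan is a heuristic rather than a full Shell Link parser, and the function names, the allowlist and the sample bytes are assumptions constructed for illustration.

```python
import re
import struct
from pathlib import Path

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")

# Host part of a UNC path (\\host\...) as stored in ASCII and in UTF-16LE.
UNC_ASCII = re.compile(rb"\\\\([A-Za-z0-9._-]{1,253})\\")
UNC_UTF16 = re.compile(rb"\\\x00\\\x00((?:[A-Za-z0-9._-]\x00){1,253})\\\x00")


def remote_hosts(data):
    """Return every host named in a UNC path anywhere inside a .lnk file."""
    if not data.startswith(LNK_MAGIC):
        raise ValueError("not a Shell Link file")
    hosts = {m.group(1).decode("ascii").lower() for m in UNC_ASCII.finditer(data)}
    hosts |= {m.group(1).decode("utf-16-le").lower() for m in UNC_UTF16.finditer(data)}
    return hosts


def suspicious_hosts(data, allowed_hosts):
    """Hosts referenced by the shortcut that are not known file servers."""
    return sorted(remote_hosts(data) - {h.lower() for h in allowed_hosts})


def scan_share(root, allowed_hosts):
    """Walk a share and map each flagged .lnk path to its unexpected hosts."""
    findings = {}
    for path in Path(root).rglob("*.lnk"):
        try:
            hits = suspicious_hosts(path.read_bytes(), allowed_hosts)
        except (OSError, ValueError):
            continue  # unreadable, or has the extension but not the header
        if hits:
            findings[str(path)] = hits
    return findings


def constructed_lnk(target, encoding="utf-16-le"):
    """Constructed sample bytes: real header magic, zero padding, one string."""
    return LNK_MAGIC.ljust(0x4C, b"\x00") + target.encode(encoding)
```

Shortcuts that legitimately point at other servers will also be flagged, so the allowlist needs to cover every host users are expected to reach from that share.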
Are you interested in detection engineering? Just getting started? Maybe looking to make a change from the “red” side? 😈
I am giving away 1 voucher to @ACEResponder’s Intro to Detection Engineering course!
🎬 An extended version of the Kerberoasting animation is now available on ACEResponder.com.
Extended animations contain additional attack details, artifacts, and detection opportunities.
🚨 New Module on ACEResponder.com!
Want to get started with detection engineering? Why not jump in and build some? 🕵️‍♂️🔎
In this module we cover the core principles and put them to use making kerberoasting detections. Let's do it!
🎬 New extended animations up on ACEResponder.com:
• Remote Service Creation (PsExec)
• DCOM Lateral Movement
• WMI Lateral Movement
Extended animations have additional attack details and key artifacts you could expect to see in your SIEM.