Why Most Organizations Still Can’t Defend against DCShadow


DCShadow is a readily available technique that allows an attacker to establish persistent privileged access in Active Directory (AD).


Specifically, DCShadow allows an attacker with privileged access to create and edit arbitrary objects in AD without anyone knowing. This allows the attacker to create backdoors all over AD that can’t be detected, even if the original privileged access is.


Much has been written about DCShadow, yet most organizations still can’t defend against it.


While that’s a huge concern, it shouldn’t come as a complete surprise given that DCShadow is specifically designed to circumvent existing security measures. So, what can you do about it?


What is DCShadow:


DCShadow is a feature of the open-source Mimikatz utility (available for download here). Mimikatz is the leading post-exploitation tool for Windows credential-based attacks and has been used in many of today’s most destructive cyberattacks, including LockerGoga, NotPetya, WannaCry, SamSam, and no doubt more to come.


How DCShadow works:


DCShadow circumvents existing security measures in several different ways:


  • Exploits the normal replication mechanism in AD. DCShadow is not related to a Windows vulnerability, so there’s no security patch you can apply to eliminate your exposure. It’s also not related to AD configuration, so there’s no setting you can change to close a loophole.

  • Evades detection by bypassing Window ..
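A defender's check that follows from the first point above, added here as an example and not part of the original post: because DCShadow pushes changes through the normal replication path by briefly registering the attacker's host as a domain controller, one detection is to compare the DC registrations (nTDSDSA objects) in the Configuration partition against the DCs the forest actually knows about. It assumes the ActiveDirectory PowerShell module on a domain-joined host with read access to the Configuration naming context; the function name is my own.

```powershell
# Added example (not from the original post). Every legitimate DC has an
# nTDSDSA object at CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,
# CN=Sites,<Configuration NC>. DCShadow creates the same registration for a
# host that is not a real DC, so a registration whose server the forest
# does not recognise as a DC deserves a look.
# Assumes the ActiveDirectory module and read access to the Configuration NC.
Import-Module ActiveDirectory

function Get-UnexpectedDcRegistration {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $sitesDN  = "CN=Sites,$configNC"

    # Host names the forest considers domain controllers (every domain, RODCs included)
    $knownDcs = (Get-ADForest).Domains | ForEach-Object {
        (Get-ADDomainController -Filter * -Server $_).HostName
    }

    # Every DC registration present in the Configuration partition
    Get-ADObject -SearchBase $sitesDN -LDAPFilter '(objectClass=nTDSDSA)' |
        ForEach-Object {
            # The parent of "CN=NTDS Settings" is the server object carrying dNSHostName
            $serverDN = ($_.DistinguishedName -split ',', 2)[1]
            $server   = Get-ADObject -Identity $serverDN -Properties dNSHostName, whenCreated
            $hostName = if ($server.dNSHostName) { $server.dNSHostName } else { $server.Name }

            # -notcontains is case-insensitive, so DC01.corp.example and dc01.corp.example match
            if ($knownDcs -notcontains $hostName) {
                [pscustomobject]@{
                    HostName    = $hostName
                    ServerDN    = $serverDN
                    WhenCreated = $server.whenCreated
                }
            }
        }
}

# An empty result means every registration maps to a known DC.
Get-UnexpectedDcRegistration | Format-Table -AutoSize
```

The rogue registration is normally removed again once the replication push completes, so a single scheduled run can miss it; running the check at short intervals, or triggering it on object creation under CN=Sites, gives a better chance of catching the window.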
