Aggregator

error code: 1106

U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. [...]

Загадочные вредоносные пакеты исчезли так же внезапно, как и появились...

Introducing Hybrid Attack Paths Death from Above: An Attack Path from Azure to Active Directory With BloodHound

When we introduced Azure Attack Paths into BloodHound, they were added as a completely separate sub-graph. At no point did Active Directory (AD) and Azure connect within a BloodHound dataset. Ever since adding Azure (honestly, even before that), we’ve wanted to solve that problem. We’re so very excited to introduce the first version of what we’ve taken to calling a “hybrid path” into BloodHound!

Microsoft Entra Cloud Sync and Microsoft Entra Connect Sync allow administrators to synchronize users from on-premises AD domains up to Entra ID tenants. Additionally, administrators can choose to enable a feature called “Password Hash Synchronization”, which replicates the password hashes from the on-premises user up to its Entra ID counterpart. This allows users to authenticate to Entra/Azure resources using their on-premises AD User Principal Name (UPN) and password. This creates Attack Paths from on-premises AD to Entra ID.

As of BloodHound v5.13.0, when data is collected from an Entra ID tenant as well as an AD domain with users synced between them, BloodHound will automatically generate Hybrid Attack Paths in the graph. Conveniently named “SyncedToADUser” and “SyncedToEntraUser”, these edges indicate where two users are synchronized, which may mean control of one grants control of the other. These edges are generated utilizing the “onpremsyncenabled” and the “onpremid” properties that result from an AzureHound collection. If an Entra ID user object is described as being synced (indicated by a “True” value in the “onpremsyncenabled” field), an edge will be added between the Entra ID user and the AD user identified in the “onpremid” field.

In the below screenshots, you can see the JD Entra ID user has sync enabled with an associated Object ID of the JD AD object displayed.

The Azure User Entity Panel showing the On Prem ID The AD User Entity Panel showing the a matching Object ID

To support these changes, we’ve included several additional pre-built queries in BloodHound for potentially interesting paths for hybrid environments. After clicking on the “Open” folder on the Cypher tab, these queries are available underneath the Azure section:

Cross Platform Attack Paths in Pre-Built Queries

Here’s a set of results from our example dataset for the pre-built query named on-premises Users synced to Entra Users with Entra Admin Roles:

Pathfinding also supports Hybrid Paths, which can uncover those configurations that allow BloodHound to cross from on-prem AD to Azure or vice versa. Here, we show a path starting from anyone in the on-premises domain to Global Administrators in Entra via ADCS and synced user accounts:

Domain Users (AD) to Global Administrators (Azure)

We are very excited to introduce these new edges into the product for testing and validation of hybrid environments. We are already hard at work to research and introduce additional hybrid paths, including computer object synchronization. Additionally, we are developing a capability within BloodHound Enterprise that will enable us to empirically measure the risk to our customers’ critical Tier Zero assets across these hybrid paths. We look forward to sharing more with everyone soon!

BloodHound Enterprise Attack Paths View Improvements

To kick off the start of the many UI improvements we have planned this year, we released an updated attack paths page for BloodHound Enterprise customers with increased readability and enhanced granularity:

New Attack Paths View in BloodHound Enterprise

First, we re-oriented the attack graph to a more familiar left-to-right view versus top to bottom:

This layout now clearly identifies the Tier Zero / critical asset group and states the current exposure for the domain or tenant.

A domain with 99% exposure highlighting an Active Directory Certificate Services Attack Path

We are also introducing a new attribute in this view called “Exposed Principals”. BloodHound Enterprise has always calculated this value but has previously only represented it as a percentage; now this is directly stated as a numeric value in the Attack Path view for additional clarity:

Today in BloodHound Enterprise, Attack Paths are given a severity rating based on their exposure percentage to Tier Zero:

• Critical — 96%+ Exposure
• High — 81–95% Exposure
• Moderate — 41–80% Exposure
• Low — 0–40% Exposure

Now we can not only report the percentage of identities and resources that have an Attack Path, but also include the raw count. This is helpful in large domains where Exposure percentage could be low (30% for example) and the count is useful to still articulate that “This Attack Path exposes Tier Zero to 35,364 principals”.

This number is included in both the Attack Path detail and the graph:

Next, we’ve included the count of findings within the header for every Attack Path:

This allows our users to understand the level of effort to help them better prioritize where to start. In this case, we have two Attack Path choke points that can be completely remediated with less effort.

The Attack Path choke points have also been given more viewable space (50% versus 30%) to make it easier to read the details and we’ve also added a button to drop the results to CSV:

You’ll also notice new helpful columns have been added to the findings details based on the type of Attack Path. For example, we’ve included the age of the password in the “Kerberoastable Users” findings as an indication of which passwords maybe easier to crack:

Introducing Dark Mode for BloodHound

Dark mode is now in early access for both BloodHound Community Edition and BloodHound Enterprise:

ADCS Attack Paths in sweet, sweet darkness Hybrid Attack Paths at

Dark mode can be enabled / disabled through the settings cog on the upper right-hand side of the product (after enabling in Early Access):

For our Enterprise customers, this new theme applies to all portions of the product:

Dark mode in Attack Paths view in BloodHound Enterprise Dark mode in detailed remediation in BloodHound Enterprise Domain security posture over time in dark mode in BloodHound Enterprise

We also standardized our light theme across the product to be more consistent and set up the introduction of other themes in the future. Try it now to remove some of that eye strain and let us know your thoughts!

Going to BlackHat next week? Check out all the updates in person at our booth (#2600) or come hang out with us and a ton of other amazing industry folks at our bowling party on Wednesday evening: https://events.humanitix.com/specterops-black-hat-happy-hour-at-brooklyn-bowl

Hybrid Attack Paths, New Views and your favorite dog learns an old trick was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Hybrid Attack Paths, New Views and your favorite dog learns an old trick appeared first on Security Boulevard.

Учёные доказали, что экзотический тип чёрной дыры не может существовать.

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Chili Tornado Quake’ appeared first on Security Boulevard.

Community Chats Webinars LibraryHomeCybersecurity NewsFeaturesIndustry SpotlightNews R

A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike. It has been attributed

Cyber Espionage / MalwareA Taiwanese government-affiliated research institute that specializes in

error code: 1106

In a monoculture, cybercriminals need to look for a weakness in only one product, or discover an exploitable vulnerability, to affect a significant portion of services.

利用 NASA 双小行星重定向测试(DART)任务的观测数据，研究人员揭示了 Didymos 和 Dimorphos 双小行星系统特征。分析发现，Didymos 的高海拔表面崎岖不平，有大型石块(10-160米长)和陨击坑；低海拔表面则较平坦，大石块和陨击坑都较少。相比之下，Dimorphos 上有各种大小的石块，多个裂缝或断层，还有一些陨击坑。Dimorphos 可能由 Didymos 脱落的物质(在引力作用下聚集)形成而来，两个行星的表面粘聚力特性较低，加上观测到的陨击坑，显示 Didymos 的表面年龄是 Dimorphos 的 40-130 倍。他们估计 Didymos 和 Dimorphos 的年龄分别在 1250 万年左右和不到 30 万年。

Privacy-focused search engine DuckDuckGo has been blocked in Indonesia by its government after citizens reportedly complained about pornographic and online gambling content in its search results. [...]

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as

Cyber Espionage / Malware A Russia-linked threat actor has been linked to a new campaign that emplo

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Prestige ransomware since the beginning of its activities in October 2022. Prestige has been observed targeting organizations in the transportation and related logistics sectors located in Ukraine and Poland. In November 2022, it was assessed that the Russian adversary known as Sandworm was most likely behind these attacks.

The post Emulating Sandworm’s Prestige Ransomware appeared first on AttackIQ.

The post Emulating Sandworm’s Prestige Ransomware appeared first on Security Boulevard.

In October 2022, Microsoft reported the identification of a new ransomware self-named Prestige that

Uber 和比亚迪达成 10 万辆电动车交易，率先引入电动车的 Uber 平台是欧洲和拉丁美洲。此举旨在让司机能更容易使用便宜的电动汽车，降低总拥有成本。两家公司还计划合作部署自动驾驶汽车。Uber 司机使用电动汽车的比例是私家车主的五倍，对司机的调查发现，电动汽车价格和融资可用性是电动汽车普及的主要阻碍。充电也是一大难题。美国对中国电动汽车征收 100% 的关税，但欧盟的关税只有 17.4%。比亚迪最近获得中国政府的批准，开始在公路上测试 L3 级自动驾驶汽车。