Today we’re sharing an updates to episode #512 where we ran Rapid7’s InsightIDR through a bunch of attacks:
-
Active Directory enumeration via SharpHound
-
Password spraying through Rubeus
-
Kerberoasting and ASREPRoasting via Rubeus
-
Network protocol poisoning with Inveigh. Looking for a free way to detect protocol poisoning? Check out CanaryPi.
-
Hash dumping using Impacket. I also talk about an interesting Twitter thread that discusses the detection of hash dumping.
-
Pass-the-hash attacks with CrackMapExec
In today’s episode I share some emails and conversations we had with Rapid7 about these tests and their results. I’m also thrilled to share with you the articles themselves:
Share on socials: