- User and Entity Behavior Analytics ("UEBA")
User and Entity Behavior Analytics ("UEBA"). This expanded definition includes devices, applications, servers, data, or anything with an IP address.
https://en.wikipedia.org/wiki/User_behavior_analytics
- user behavior analytics (UBA)
User behavior analytics tools have more advanced profiling and exception monitoring capabilities than SIEM systems and are used for two main functions. First, UBA tools determine a baseline of normal activities specific to the organization and its individual users. Second, they identify deviations from normal. UBA uses big data and machine learning algorithms to assess these deviations in near-real time.
http://searchsecurity.techtarget.com/definition/user-behavior-analytics-UBA
- User Behavior Analytics ("UBA"), as defined by Gartner, is a cybersecurity process about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns - anomalies that indicate potential threats.
- Defending Against Pass-The-Ticket Attacks
Pass-the-Ticket attacks are typically launched in one of two ways:
The hacker steals a Ticket Granting Ticket or Service Ticket from a Windows machine and uses the stolen ticket to impersonate a user, or
The hacker steals a Ticket Granting Ticket or Service Ticket by compromising a server that performs authorization on the users’ behalf.
http://www.identityweek.com/defending-against-pass-the-ticket-attacks/
- Windows Credentials Editor (WCE) – List, Add & Change Logon Sessions
‘Steal’ NTLM credentials from memory (with and without code injection)
‘Steal’ Kerberos Tickets from Windows machines
Use the ‘stolen’ Kerberos Tickets on other Windows or Unix machines to gain access to systems and services
Dump cleartext passwords stored by Windows authentication packages
http://www.darknet.org.uk/2015/02/windows-credentials-editor-wce-list-add-change-logon-sessions
- Windows Credentials Editor
This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them in other Windows or Unix systems and dump cleartext passwords entered by users at logon.
WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing. It supports Windows XP, 2003, Vista, 7, 2008 and Windows 8.
http://www.ampliasecurity.com/research/windows-credentials-editor/
- Using WCE (Windows Credential Editor)
C:\Users\Ale\Desktop>wce -l
WCE v1.4beta (X64) (Windows Credentials Editor) – (c) 2010-2013 Amplia Security
– by Hernan Ochoa (hernan@ampliasecurity.com)
Ale:WIN71_64:960407EE2F0ED879AAD3B435B51404EE:95947E88DC144165EEC12CC2039E56B6
C:\Users\Ale\Desktop>wce -w
WCE v1.4beta (X64) (Windows Credentials Editor) – (c) 2010-2013 Amplia Security
– by Hernan Ochoa (hernan@ampliasecurity.com)
Ale\WIN71_64:ceh123!
https://alexandreborges.org/2014/02/14/using-wce-windows-credential-editor
- Pass the hash
https://en.wikipedia.org/wiki/Pass_the_hash
- UEBA is a new class of security technology that is designed to identify next-generation security threats that have penetrated traditional firewalls and other perimeter systems.
Examples of these activities include unusual access to systems and data by trusted insiders or third parties, and breaches by external attackers evading preventative security controls.
The Niara behavioral analytics solution seamlessly integrates with the ClearPass network security platform to create the industry's most complete visibility and attack detection system.
http://www.marketwired.com/press-release/hpe-acquires-niara-to-enhance-security-at-the-intelligent-edge-nyse-hpe-2192822.htm