Pass-the-Hash (PtH): Attack Technique and Complete Defenses

What is Pass-the-Hash? Pass-the-hash (PtH) is an attack technique that allows an attacker to authenticate to a remote system using the password hash, without the need for the password in plain text. It is particularly effective in Windows environments, where the NTLM authentication protocol allows authentication using static hashes. How the attack works Initial access … Continue reading Pass-the-Hash (PtH): Attack Technique and Complete Defenses →

Secure Boot Vulnerability CVE-2023-24932: What You Need to Know

Secure Boot Security Feature Bypass Vulnerability (CVE-2023-24932) is a Security Vulnerability released on May 9, 2023. It allowed an attacker who successfully exploited this vulnerability to bypass Secure Boot on devices. To exploit the vulnerability, an attacker needs physical access or administrative rights to a target device. The attacker then install an affected boot policy. … Continue reading Secure Boot Vulnerability CVE-2023-24932: What You Need to Know →

Windows LAPS: Transition from Legacy to Modern Password Management

The legacy Microsoft LAPS product is deprecated as of Windows 11 23 H2 and later. The installation of the legacy Microsoft LAPS MSI package is blocked on newer versions of the operating system. Microsoft will no longer consider code changes for the legacy Microsoft LAPS product. Microsoft recommends using Windows LAPS to manage local administrator … Continue reading Windows LAPS: Transition from Legacy to Modern Password Management →