Finding and using the right cybersecurity incident response tools
You need to analyze many potential entry points, attack paths, and data exfiltration tactics to reveal the scope of what took place, all while the culprits are potentially taking steps to cover their tracks.
The attacker might then use stolen user credentials to move laterally throughout the network, finally launching a DCShadow attack that uses replication permissions to imitate a domain controller and make changes to Active Directory.
To a similar effect, the Purple Knight tool from Semperis allows administrators to enumerate different exposures in AD. By combining information about the initial access to AD with the exposures that exist, security defenders can determine where the attackers might have gone next.
By understanding the links between users and groups, security teams and incident responders will be better able to react to attacks.
Monitoring and auditing AD not only helps detect attacks on AD proactively, but also helps identify what happened in a breach's aftermath, which makes the tools' reporting capabilities and automation crucial.
Armed with the ability to map attack paths and to track users, groups, and permissions, forensic investigations can move more quickly to uncover the scope of an attack.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/xTRVb4Y4puU/