New Research Paper: Pass-the-Hash Detection

Share and earn Cybytes
Facebook Twitter LinkedIn Email

CyberArk Labs recently published a preview of research on our Threat Research Blog exploring ways to detect Pass-the-Hash (PtH) attacks using the Windows Event Viewer. As follow-up to the highly-referenced post, the Labs team has published a technical research paper with additional details on the technique. The new paper is available via downloaded here.

As a refresher, PtH is an attack technique that leverages stolen credentials. It is often used in sophisticated attacks and represents a significant risk to organizations. This technique involves an attacker stealing account credentials from one computer and using them to authenticate to other access points in a network. Instead of requiring plaintext passwords, PtH attacks allow the attacker to authenticate with password hashes and begin lateral movement in the network over the NTLM protocol.

As part of this research, the Labs Team evaluated a number of scenarios for (PtH) NTLM connections to pinpoint key indicators and to help distinguish between legitimate and illegitimate uses. Based on this exercise, the team designed an algorithm and open source tool (called Ketshash) to aid in detecting live PTH attempts. You can also watch a short demo video of Ketshash here.

The post New Research Paper: Pass-the-Hash Detection appeared first on CyberArk.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.
Promoted Content
Advanced cyber attacks involve compromised privileged accounts. Cyber attackers target them because they represent the keys to the IT kingdom. Effective enterprise security includes proactively protecting privileged accounts. Industry experts have identified practices that increase an organization’s vulnerability to a cyber attack. How many of these are common at your organization?

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?