Cyber Essentials basic achieved

I’m pleased to say that we’ve now achieved Cyber Essentials basic level with our chosen suppliers, SureCloud. Onwards to the Plus level now.

Active Directory password audit using Kali

Following on from my recent security education, I recently performed an internal security audit of Active Directory passwords on my Kali build. There are many tutorials online for this (and if you’re a domain administrator, give it a go, it’s fun).

I had a couple of issues, but by cobbling together instructions from various places I managed to get what I wanted (and found that about 40 members of staff had a password that featured the company name, now rectified).

I am unfortunately too lazy to write my down detailed post on how to do it, but the resources I used were:

https://blog.didierstevens.com/2016/07/13/practice-ntds-dit-file-part-2-extracting-hashes/

https://www.trustwave.com/Resources/SpiderLabs-Blog/Tutorial-for-NTDS-goodness-(VSSADMIN,-WMIS,-NTDS-dit,-SYSTEM)/

http://security.sunera.com/2014/05/starting-active-directory-password.html

https://github.com/libyal/libesedb/wiki/Building#source-distribution-package

https://github.com/pentestgeek/smbexec/issues/127