Singularity™ Identity vs Privilege Escalation (Mimikatz and Offensive Tools)

The attack on Cisco shows that identity-based attacks are a leading threat vector used in data breaches. From the perspective of a threat actor, targeting identity and access management gaps through compromised credentials is the quickest path to reaching a target’s resources and critical data. Attackers are very aware that Active Directory is the crown jewel of a business, granting them the ability to exfiltrate sensitive information, install backdoors, alter security policies, and more.

On some victim’s endpoints, the threat actor used MiniDump from Mimikatz to dump LSASS. They also leveraged the “wevtutil.exe” utility to identify and clear event logs generated on the system.
Singularity™ Ranger AD Assessor detects the modification of authentication mechanisms on a domain controller, thwarting threat actors that attempt to patch the authentication process to bypass the authentication mechanisms.

Singularity™ Ranger AD Assessor detects the modification of authentication mechanisms on a domain controller, thwarting threat actors that attempt to patch the authentication process to bypass the authentication mechanisms.