Today we’re sharing an updates to episode #512 where we ran Rapid7’s InsightIDR through a bunch of attacks:

  • Active Directory enumeration via SharpHound

  • Password spraying through Rubeus

  • Kerberoasting and ASREPRoasting via Rubeus

  • Network protocol poisoning with Inveigh. Looking for a free way to detect protocol poisoning? Check out CanaryPi.

  • Hash dumping using Impacket. I also talk about an interesting Twitter thread that discusses the detection of hash dumping.

  • Pass-the-hash attacks with CrackMapExec

In today’s episode I share some emails and conversations we had with Rapid7 about these tests and their results. I’m also thrilled to share with you the articles themselves:

Written by: Brian Johnson

Share on socials: