Disrupting the Cyber Kill Chain: How to Contain Use of Tools and Protocols
Preventing lateral movement and unauthorized domain access due to the misuse of network credentials – especially due to reconnaissance tools looking for weak spots – is a challenge plaguing many enterprises. In fact, it’s a decade-old security problem. A major issue for enterprises has been how to detect and contain the use of reconnaissance tools like BloodHound, authentication protocols such as NTLM, DCE/RPC, Kerberos and Lightweight Directory Access Protocol (LDAP), as well as other IT tools like PsExec and PowerShell that are being misused or exploited by attackers.
- Prevent lateral movement and unauthorized domain access due to the misuse of network credentials via reconnaissance tools
- Block and easily contain PowerShell, PsExec and other attacking tools
- Deeply inspect authentication protocols such as NTLM, DCE/RPC, Kerberos and LDAP to control protocol usage
- Reduce risk of credential forwarding, password cracking and other credential-based attacks such as Pass-the-Hash and Golden Ticket
For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.