Disrupting the Cyber Kill Chain: How to Contain Use of Tools and Protocols

Disrupting the Cyber Kill Chain White Paper Cover Image

Preventing lateral movement and unauthorized domain access due to the misuse of network credentials – especially due to reconnaissance tools looking for weak spots – is a challenge plaguing many enterprises. In fact, it’s a decade-old security problem. A major issue for enterprises has been how to detect and contain the use of reconnaissance tools like BloodHound, authentication protocols such as NTLM, DCE/RPC, Kerberos and Lightweight Directory Access Protocol (LDAP), as well as other IT tools like PsExec and Powershell that are being misused or exploited by attackers.

Download this paper to learn how Falcon Identity Protection solution can:

  • Prevent lateral movement and unauthorized domain access due to the misuse of network credentials via reconnaissance tools
  • Block and easily contain PowerShell, PsExec and other attacking tools
  • Deeply inspect authentication protocols such as NTLM, DCE/RPC, Kerberos and LDAP to control protocol usage
  • Reduce risk of credential forwarding, password cracking and other credential-based attacks such as Pass-the-Hash and Golden Ticket

TECHNICAL CENTER

  • OS icon
  • deployment icon
  • installation icon

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.

Visit the Tech Center