Microsoft products have been frequent targets for threat actors for decades. In recent years, attacks targeting Microsoft Active Directory, the Microsoft Kerberos authentication protocol, and PowerShell have increased dramatically, leading to compromises at thousands of organizations.
Below, we examine five common Microsoft exploits and show how the ExtraHop Reveal(x) network detection and response (NDR) platform helps security analysts respond to these attacks. Reveal(x) gives users comprehensive visibility into Microsoft environments, providing detections of common attacks.
The detections in Reveal(x) build on its unmatched decryption capabilities, which reveal malicious activity hiding in encrypted traffic, a common tactic used in attacks on Microsoft environments. The decryption capabilities identify unauthorized access and privilege escalation attempts in Active Directory, and they give security analysts visibility into living-off-the-land techniques, in which attackers misuse legitimate tools to gain access to targeted networks...read more!
