• Service Accounts – Weakest Link in the Chain?

    At DerbyCon 2014, Tim Medin introduced a novel technique to elevate privileges by exploiting service accounts in Windows networks leveraging Active Directory and Kerberos. This method requires the service to be executed in the security context of a user account …

  • NOTICE: Investigators Warn of Increase in Service Account Exploits

    “Most companies expect service accounts to be used only internally, so they keep the default passwords…[but] many of our recent investigations have seen exploits in service accounts – probably in 80-90 percent of the cases.” – Christopher Novak, Verizon RISK …