Download Now

First Name

Last Name

Company

Country

State

Postal Code - optional

Thank you!

Error - something went wrong!

Pass the hash detection using Windows Events

December 17, 2019

In this paper we will focus on detecting Pass-The-Hash attacks, after the credentials were stolen, via the event viewer.

Pass-The-Hash is an attack technique that allows an attacker to start lateral movement in the network over NTLM protocol, in contrary to Over Pass-The-Hash which use Kerberos protocol, without the need for the user password. We will compare between legitimate and illegitimate NTLM connections, we will show what indictors can be used to distinguish between them and what we can conclude from that to build out an algorithm to demonstrate detection of Pass-the-Hash attacks.

CyberArk Labs created a tool (Ketshash) that demonstrate the detection methods that we will talk about in this paper. This paper does not provide a 100% solution for Pass-The-Hash attack but it will show what can be done with the available tools and how to create a general view of the NTLM connections over the network.

CyberArk DNA™ Datasheet

CyberArk Discovery & Audit (DNA) is a powerful tool – available at no charge – that scans systems on your n...

Next Video

CyberArk DNA Overview

2-minute animation shows how CyberArk’s DNA, Discovery and Audit, tool (available at no charge) uncovers pr...

Up Your Security I.Q. by Checking Out Our Collection of Curated Resources.

Pass the hash detection using Windows Events

Previous Article

Next Video

STAY IN TOUCH

Pass the hash detection using Windows Events

Previous Article

Next Video

Recommended for You

What an Identity Security platform should offer and why.

Identity Security enables Transformative organizations to outperform peers and improve business outcomes. Learn about the security and business benefits were possible with Identity Security.

The CyberArk Blueprint for Identity Security Success is designed to help organizations establish and evolve an effective Identity Security program and accelerate their Identity Security success.

Assess the maturity of your organization’s Identity Security strategy and follow the recommendations to level up. Download the Identity Security Maturity Model report for peer insights.

Explore cloud privilege security best practices and learn how to accelerate your journey into the cloud with Identity Security success.

Learn how you can leverage the methodology from the CyberArk Blueprint for Identity Security Success to help defend against attacks and secure your AWS cloud environments.

The CyberArk Blueprint is built on three guiding principles that guide security control recommendations and are designed to mitigate common risks associated with the identity-centric attacks.

The CyberArk Blueprint for Identity Security Success is designed to help organizations establish and evolve an effective identity security program and accelerate their identity security success.

You know when you get stuck sitting next to that one relative who takes forever to tell a story or get to the punchline of a joke? Executive board meetings and quarterly updates sometimes go...

This eBook outlines a practical approach and blueprint for enterprises to secure their entire application portfolio. It addresses applications of all types from zOS and COTS, to Kubernetes.

Learn how to mature and future-proof your program by following a simple and prescriptive best practice framework.

The CyberArk Blueprint for Identity Security Success is a framework of simple prescriptive guidance designed to measurably reduce risks.

A comprehensive blueprint to help organizations assess and prioritize Identity Security risks and defend against attacks

TL;DR Cloud technologies are ubiquitous and most organizations rely on cloud vendors to provide them with critical services and computing workloads. This ecosystem makes organizations deeply...

Follow the CyberArk Blueprint frame to design and effective Identity Security implementation roadmap that complies with federal regulations.

The Rapid Risk Reduction Playbook helps organizations quickly implement the most critical elements of the CyberArk Blueprint to rapidly strengthen security and reduce risk. Learn more.

Review the Blueprint framework to ensure you’re making the most of your CyberArk tools.

Download the presentation to refer back to any time you need it.