OverPass The Hash (OPtH) is a form of credential theft- and reuse attack that is one of the most common methods of lateral movement within compromised IT environments.

So-called “skeleton key” passwords are a common means of gaining administrative access to your domain controller. We talk about this common method of privilege escalation.

Pass the Hash is a common post-exploitation attack. This post discusses how QOMPLX Identity Assurance detect PtH attacks.

Major amounts of data live within insurance carriers but the challenge lies in getting it out in useful form. Learn how to extract the value from data without the need to replace your existing systems, spend thousands of hours coding or rekeying data, or commit millions to a new data architecture.

Tracking instances of Windows Event ID 7045 (a new service was installed) is critical for capturing new service creation, which may indicate that malicious commands or payloads are being run on the system.

QOMPLX Knowledge: Detecting ASREP Roasting Attacks

QOMPLX Knowledge is an on-going series that provides vital information and insights about critical cyber security concepts that inform our work and that information security professionals need to master.

In this post, we take a look at how QOMPLX’s technology helps customers spot patterns of behavior that may indicate malicious use of Regsvr32.

A range of administrative utilities are commonly deployed by malicious actors including whoami, ipconfig and more. In this post, we’re taking a look at how QOMPLX’s technology helps customers to spot patterns of behavior that may indicate malicious use of built-in Windows utilities.