Tag
#PetitPotam
Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient
Deployment of an Active Directory Certificate Services (AD CS) on a corporate environment could allow system administrators to utilize it for establishing trust between different… Continue reading → PetitPotam – NTLM Relay to AD CS
Hello everyone! Yet another news episode. Microsoft’s August Patch Tuesday Let’s start with Microsoft’s August Patch Tuesday. I think the most interesting thing is that it contains a fix for the PetitPotam vulnerability. I talked about this vulnerability two weeks ago. At the time, Microsoft had no plans to release a patch because PetitPotam was […]
Hello everyone! Last Week’s Security News, July 26 – August 1. Serious Sam in Metasploit Last week I talked about the Serious Sam vulnerability (CVE-2021-36934), also known as HiveNightmare. The name HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files called hives. Due to mismanagement […]