When the Cyberthreat Comes from the Inside

08 Sep 2021 in Cyber Security

Would you like to earn millions of dollars? The operators of the LockBit 2.0 ransomware are now trying to recruit insiders – and there is no reason to believe that your company wouldn’t be targeted. The global competitive framework has changed significantly: hybrid warfare with methods like infiltration and espionage will be an imminent threat against the strategic environment for the foreseeable future. To counter these new threats, we need to mirror the attackers and their methods.

Why Safeguarding Your Digital Assets Is a Must

31 Aug 2021 in Cyber Security

In the connected world, information and digital assets can be shared and distributed in an unprecedented way. This presents us with great business opportunities and innovations, but also new challenges in protecting valuable information.

From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator

05 Aug 2021 in Cyber Security

Knock knock, who’s there? Your new DA! Several vulnerabilities have been recently disclosed, namely: MS-EFSRPC – AKA PetitPotam; Credential Relaying abusing the AD CS role. Any attacker with internal network access, such as a phished client or a maliciously planted device in the network, can take over the entire Active Directory domain without any […]

Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) – ADV210003 – KB5005413 – PetitPotam

25 Jul 2021 in Cyber Security

Updates: 2021-08-06 – Added recommendations to protect DCs. This advisory is related to the recent Certified Pre-Owned whitepaper discussing the possible abuse of the Active Directory Certificate Services (AD CS) role in combination with Credentials Relay Attacks such as MS-RPRN and the more recent MS-EFSRPC aka PetitPotam. The MS-EFSRPC protocol can be used to coerce […]

HiveNightmare a.k.a. SeriousSam Local Privilege Escalation in Windows – CVE-2021-36934

20 Jul 2021 in Cyber Security

A new Local Privilege Escalation (LPE) vulnerability has been discovered in Windows 10/11. The vulnerability, named HiveNightmare a.k.a. SeriousSam, is a result of a “bad” ACL set on the registry hive files in the C:\Windows\System32\Config folder. This allows regular users read access to the SAM, SYSTEM, SECURITY, and other critical files. This means that a regular […]