Category:

Protected: From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator

02 Aug 2021 in Cyber Security

There is no excerpt because this is a protected post.

Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) – ADV210003 – KB5005413 – PetitPotam

25 Jul 2021 in Cyber Security

This advisory is related to the recent Certified Pre-Owned whitepaper discussing the possible abuse of the Active Directory Certificate Services AD CS role in combination with Credentials Relay Attacks such as MS-RPRN and the more recent MS-EFSRPC aka PetitPotam. The MS-EFSRPC protocol can be used to coerce any Windows host including Domain Controllers to authenticate […]

HiveNightmare a.k.a. SeriousSam Local Privilege Escalation in Windows – CVE-2021-36934

20 Jul 2021 in Cyber Security

A new Local Privilege Escalation (LPE) has been discovered in Windows 10/11. The vulnerability, named HiveNightmware a.k.a. SeriousSam, is a result of a “bad” ACL set on the registry hive files in the C:\Windows\System32\Config folder. This allows regular users read access to the SAM, SYSTEM, SECURITY, and other critical files. This means that a regular […]

How the Kaseya VSA Zero Day Exploit Worked

06 Jul 2021 in Cyber Security

This article describes the pre-auth remote code execution in Kaseya VSA Server that was exploited in the recent Revil ransomware campaign. This article clarifies some misconceptions and adds important details to the conversation.

Origin of the Kaseya Breach

05 Jul 2021 in Cyber Security

Truesec has now been able to conclusively prove that the massive ransomware attack by the REvil cybercrime syndicate was the result of a pre-authentication remote code execution zero-day.