Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) – ADV210003 – KB5005413 – PetitPotam
25 Jul 2021 in Cyber Security
This advisory is related to the recent Certified Pre-Owned whitepaper discussing the possible abuse of the Active Directory Certificate Services (AD CS) role in combination with credential relay attacks such as MS-RPRN and the more recent MS-EFSRPC, aka PetitPotam. The MS-EFSRPC protocol can be used to coerce any Windows host, including Domain Controllers, to authenticate […]
A new Local Privilege Escalation (LPE) has been discovered in Windows 10/11. The vulnerability, named HiveNightmare a.k.a. SeriousSAM, is a result of a “bad” ACL set on the registry hive files in the C:\Windows\System32\Config folder. This allows regular users read access to the SAM, SYSTEM, SECURITY, and other critical files. This means that a regular […]
This article describes the pre-auth remote code execution in Kaseya VSA Server that was exploited in the recent REvil ransomware campaign. This article clarifies some misconceptions and adds important details to the conversation.
Truesec has now been able to conclusively prove that the massive ransomware attack by the REvil cybercrime syndicate was the result of a pre-authentication remote code execution zero-day.