206 matches found
Active Directory Bugs Could Let Hackers Take Over Windows Domain Controllers
Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November, following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities, tracked as CVE-2021-42278 and CVE-2021-42287, have a severi...
KB5008603: Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server 2012 R2
KB5008603: Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server 2012 R2 Summary This update addresses the following issue: Addresses a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self...
November 14, 2021—KB5008601 (OS Build 14393.4771) Out-of-band
November 14, 2021—KB5008601 OS Build 14393.4771 Out-of-band 11/9/2021 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release known as a “C” release for the month of December 2021. There will be a monthly security release kno...
KB5008606: Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server 2008 SP2
KB5008606: Authentication fails on domain controllers in certain Kerberos scenarios on Windows Server 2008 SP2 Summary This update addresses the following issue: Addresses a known issue that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self...
November 14, 2021—KB5008602 (OS Build 17763.2305) Out-of-band
November 14, 2021—KB5008602 OS Build 17763.2305 Out-of-band 11/9/2021 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release known as a “C” release for the month of December 2021. There will be a monthly security release know...
Active-Directory-Exploitation-Cheat-Sheet
This is a cheat sheet for Windows Active Directory exploitation, containing common enumeration and attack methods. The repository is a collection of PowerShell scripts and modules that can be used to perform various attacks on Active Directory, including domain enumeration, lateral movement, and...
Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions
A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and st...
Exploit for Improper Authentication in Microsoft
PoC exploit for CVE-2021-36949, a vulnerability in Azure AD Conn...
Chinese Hackers Target Major Southeast Asian Telecom Companies
Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017. "The goal of the attackers behind these...
AD Starter Scan - Unconstrained delegation
Binary data adsikerberosdeleg.nbin...
Microsoft warns of PetitPotam attack taking over Windows domains
By Deeba Ahmed. Experts reveal that the PetitPotam attack coerces remote Windows servers, including Domain Controllers, into authenticating to an attacker-controlled destination. Originally published on HackRead.com: Microsoft warns of PetitPotam attack taking over Windows domains...
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The...
Exploit for CVE-2020-1472
PoC exploit for the CVE-2020-1472 ZeroLogon vulnerability. The target product/service is a Windows Domain Controller (DC). The vulnerability class/vector is authentication bypass via an all-zero challenge. The probable entry point is the Netlogon service, which is accessed via the Impacket library. Notable...
July 13, 2021—KB5004289 (Monthly Rollup)
July 13, 2021—KB5004289 Monthly Rollup Important: Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system...
How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare
This week, PrintNightmare, Microsoft's Print Spooler vulnerability CVE-2021-34527, was upgraded from 'Low' to 'Critical' severity. This is due to a proof of concept published on GitHub that attackers could leverage to gain access to Domain Controllers. As we...
Exploit for CVE-2020-1472
PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service that allows authentication bypass. The exploit uses the Impacket library to test the vulnerability and attempt to perform a Netlogon authentication bypass. It targets the Netlogon service on a domain controller and sen...
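The two CVE-2020-1472 entries above both describe the ZeroLogon vector as "authentication bypass via an all-zero challenge" without showing why a zero challenge works. The example below is added here and is not code from either PoC or from Impacket. It reproduces the structural weakness of Netlogon's credential computation: AES-CFB8 with an all-zero IV, fed an all-zero client challenge, produces an all-zero 8-byte credential whenever the first byte of the keystream is zero, which happens for roughly 1 in 256 session keys. To stay dependency-free the block substitutes a keyed SHA-256 function for AES (an assumption, labelled in the code); CFB mode only ever calls the cipher in the forward direction, so the argument does not depend on the block function being AES. The helper names (`cfb8_encrypt`, `zero_challenge_passes`, `estimate_success_rate`) are this example's own.

```python
import hashlib
import random

BLOCK = 16  # AES block size; the toy block function below keeps the same width


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the AES forward function (NOT AES; an assumption of this
    example). CFB never needs the decryption direction, so any keyed
    pseudo-random function of the block is sufficient to show the property
    that ZeroLogon exploits. Real Netlogon uses AES-128-CFB8 with a zero IV."""
    assert len(key) == BLOCK and len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8 mode: each ciphertext byte is plaintext XOR the first byte of
    E_k(shift register); the register then drops its oldest byte and
    appends the ciphertext byte just produced."""
    shift = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        c = p ^ toy_block_encrypt(key, bytes(shift))[0]
        out.append(c)
        shift = shift[1:] + bytes([c])  # feedback of the ciphertext byte
    return bytes(out)


def zero_challenge_passes(key: bytes) -> bool:
    """Model of the server-side check: does an 8-byte all-zero client
    challenge, encrypted under the session key with a zero IV, equal the
    all-zero client credential the attacker sends alongside it?"""
    challenge = bytes(8)
    return cfb8_encrypt(key, bytes(BLOCK), challenge) == bytes(8)


def first_keystream_byte_is_zero(key: bytes) -> bool:
    """If E_k(0^16)[0] == 0 then c0 = 0, the shift register stays all zero,
    every later keystream byte is the same value, and the whole credential
    is zero. Conversely, if that byte is nonzero, c0 != 0 and the check
    fails. So this single byte decides the outcome."""
    return toy_block_encrypt(key, bytes(BLOCK))[0] == 0


def find_key(want_zero: bool, seed: int = 0, limit: int = 100_000) -> bytes:
    """Deterministically search derived keys for one whose first keystream
    byte is (or is not) zero; expected ~256 tries for the zero case."""
    for i in range(limit):
        key = hashlib.sha256(b"example-key:%d:%d" % (seed, i)).digest()[:BLOCK]
        if first_keystream_byte_is_zero(key) == want_zero:
            return key
    raise RuntimeError("no suitable key found within limit")


def estimate_success_rate(trials: int, seed: int = 0) -> float:
    """Fraction of random session keys for which the zero challenge is
    accepted. Expected about 1/256, so an attacker who cannot pick the key
    simply retries the handshake until it succeeds (~256 attempts)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(BLOCK))
        if zero_challenge_passes(key):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    weak = find_key(want_zero=True)
    strong = find_key(want_zero=False)
    print("weak key accepts zero credential:", zero_challenge_passes(weak))
    print("other key accepts zero credential:", zero_challenge_passes(strong))
    print("credential under weak key:", cfb8_encrypt(weak, bytes(BLOCK), bytes(8)).hex())
    print("success rate over random keys:", estimate_success_rate(20_000))
```

The practitioner's takeaway is the last line of `first_keystream_byte_is_zero`: a zero IV plus a zero plaintext collapses the whole CFB8 keystream into a single byte of entropy, which is why the attacker needs on average only a few hundred unauthenticated Netlogon attempts rather than a key search. The fix Microsoft shipped enforces secure RPC (signing and sealing) on the channel rather than changing the credential arithmetic, so the property shown here still holds for the underlying mode; it just can no longer be reached unauthenticated.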
CISA Offers New Mitigation for PrintNightmare Bug
The U.S. government has stepped in to offer a mitigation for a critical remote code execution (RCE) vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft’s initial effort to fix it. To mitigate the bug, dubbed PrintNightmare, the CERT Coordination Cent...
Exploit for CVE-2021-1675
From Lares Labs: Detection & Remedia...
PrintNightmare, Critical Windows Print Spooler Vulnerability
Updated July 2, 2021 For new information and mitigations, see Microsoft's updated guidance for the Print spooler vulnerability CVE-2021-34527. Updated July 1, 2021 See Microsoft's new guidance for the Print spooler vulnerability CVE-2021-34527 and apply the necessary workarounds. Original post Ju...
EulerOS 2.0 SP5 : bind (EulerOS-SA-2021-1894)
According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's...