64 matches found
The-Full-Attack-Chain
⚔️ The Full Attack Chain — Capstone Red Team Engagement Int...
When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
Overview: Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly...
Astra Linux – Vulnerability in Samba
Multiple flaws were identified in the way Samba AD DC implemented access control and compliance checks for stored data. An attacker could exploit these flaws to cause a complete compromise of the domain...
web-to-domain-admin-lab
Web to Domain Admin Compromise Lab This project simulates a r...
Containing a domain compromise: How predictive shielding shut down lateral movement
In this article 1. Predictive shielding overview 2. Attack chain overview 3. How predictive shielding changed the outcome 4. MITRE ATT&CK® techniques observed 5. Learn more In identity-based attack campaigns, any initial access activity can turn an already serious intrusion into a critical incide...
challenge-lab-ASCP
AD Attack Path Lab A complete Active Directory attack simulat...
denkair-lab
DenkAir - Windows AD Pentesting Lab A comprehensive Windows A...
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need...
Azure Linux 3.0 Security Update: samba (CVE-2020-25719)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25719 advisory. - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based...
Azure Linux 3.0 Security Update: samba (CVE-2020-25722)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25722 advisory. - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. ...
EUVD-2020-18376
Malware in sbrugna...
EUVD-2020-18373
Malware in sbrugna...
EUVD-2025-18064
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-25722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total doma...
Linux Distros Unpatched Vulnerability : CVE-2020-25719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become...
The vulnerability of the SimpleOne ITSM automation system lies in its ability to use strictly encrypted user data, which allows a malicious actor to compromise the domain name.
The vulnerability of the SimpleOne ITSM automation system relates to the possibility of using strictly encrypted user data. Exploiting this vulnerability could allow a malicious actor to compromise the domain name...
Amazon Linux 2022 : ctdb, ctdb-pcp-pmda, libsmbclient (ALAS2022-2022-022)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-022 advisory. A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was...
Check your DNS! Abandoned domains used to bypass spam checks
Researchers at Guardio Labs have discovered that a group of spammers is using long-forgotten subdomains from established brands like MSN, eBay, CBS, and Marvel to send out malicious emails. The emails can bypass spam checks and to recipients they look like they come from a legitimate source. A...
PT-2024-7395
Name of the Vulnerable Software and Affected Versions: Windows Remote Registry client (affected versions not specified). Description: The issue is related to the Windows Remote Registry client, where an elevation of privilege vulnerability exists due to the use of outdated transport protocols,...