CVE-2024-1243

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for...

CVE-2024-1243

The CVE-2024-1243 entry concerns Wazuh agent for Windows prior to 4.8.0. It states improper input validation can be exploited by an attacker who controls the Wazuh server or agent key to configure the agent to connect to a malicious UNC path, leading to leakage of the machine account NetNTLMv2 ha...

CVE-2024-1243 Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for...

Metasploit Wrap-Up 04/25/2025

AD CS workflow improvement with new PKCS12 features Given the increasing popularity of AD CS misconfiguration exploitation in recent years, Metasploit has been consistently improving its capabilities in this area. This week’s release introduces a new certs command to the msfconsole, enabling user...

Metasploit Wrap-Up 04/04/2025

New RCEs Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution RCE. Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular CVE-2025-24813...

Metasploit Weekly Wrap-Up 10/18/2024

ESC15: EKUwu AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique hence the the ESC in ESC15 was discovered by Justin Bollinger with details being released just last week. This latest configuration flaw has common issuance...

AD CS Certificate Template Management

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AD CS Certificate Template Management', 'Description' = %q This module can create, read, update, and delete AD CS certificate templates from a...

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

The most dangerous vulnerability you've never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others ar...

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication is the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

Metasploit Weekly Wrap-Up 04/05/2024

New ESC4 Templates for AD CS Metasploit added capabilities for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the adcscerttemplates module which enables users to read and write certificate template...

CVE-2022–26923 aka Certifried

Active Directory Domain Services Elevation of Privilege Vulnerability. Recent assessments: cdelafuente-r7 at January 10, 2023 3:08pm UTC reported: This vulnerability enables a low-privileged user to escalate privileges in a default Active Directory environment with the Active Directory Certificat...

CVE-2023-35351 Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability

...

CVE-2023-35351

CVE-2023-35351: Windows Active Directory Certificate Services (AD CS) Remote Code Execution vulnerability. Affected: Windows AD CS; vulnerability type is remote code execution. CVSSv3.1 base score 6.6 (vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Exploitation status and detailed root ca...

Metasploit Weekly Wrap-Up

AD CS certificate templates Our very own Spencer McIntyre has developed a new module that allows for creating, reading, updating and deleting certificate template objects from Active Directory. ESC4 Exploitation These changes notably enables the exploitation of the technique identified as ESC4...

Metasploit Weekly Wrap-Up

Rocket Software UniRPC Exploits Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidataudadminauthbypass exploits an authentication bypass to ultimately gain remote...

Microsoft DFSCoerce Domain Control Privilege Vulnerability

Windows Server is a server operating system for Windows introduced by Microsoft on April 24, 2003, with the Microsoft Windows Server System WSS at its core. Microsoft DFSCoerce has a domain control privilege exploit, which can be exploited by an attacker to request the certificate of a domain...

PetitPotam – NTLM Relay to AD CS

Deployment of an Active Directory Certificate Services AD CS on a corporate environment could allow system administrators to utilize it for establishing trust between different… Continue reading - PetitPotam - NTLM Relay to AD CS...

PSPKIAudit - PowerShell toolkit for auditing Active Directory Certificate Services (AD CS)

PowerShell toolkit for auditing Active Directory Certificate Services AD CS. It is built on top of PKISolution's PSPKI toolkit Microsoft Public License. This repo contains a newer version of PSPKI than what's available in the PSGallery see the PSPKI directory. Vadims Podans the creator of PSPKI...

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The...

Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)

Summary Microsoft is aware of PetitPotam which can potentially be used in an attack on Windows domain controllers or other Windows servers. PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect...