Nosferatu - Lsass NTLM Authentication Backdoor

Lsass NTLM Authentication Backdoor How it Works First, the DLL is injected into the lsass.exe process, and will begin hooking authentication WinAPI calls. The targeted function is MsvpPasswordValidate, located in NtlmShared.dll. In the pursuit of not being detected, the hooked function will call...

CVE-2021-36942

Windows LSA Spoofing Vulnerability Recent assessments: jbaines-r7 at January 25, 2022 4:35pm UTC reported: Recently, I was attempting to combine James Forshaw’s remote EFSRPC file write “bug” with a local privilege escalation that I’d discovered. I was getting strange results. Working on one...

CVE-2021-20488

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789...

ADCollector - A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending

ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point. Notes: ADCollector is not an alternative to the powerful PowerView...