4 matches found
Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points
Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...
Warning: Victims' faces placed on explicit images in sextortion scam
The FBI has issued a warning about criminals digitally manipulating people's faces on to pornographic images--known as deepfaking--and then using those images to harass or extort money out of their victim in a practice known as sextortion. The FBI said the victims include children. From the...
Lateral Movement – WebClient
Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading - Lateral Movement - WebClient...
ADCSPwn - A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service
A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts Petitpotam and relaying to the certificate service. Usage Run ADCSPwn on your target network. authentication will be relayed to. Optional arguments: port - The port ADCSPwn will listen on...