Silent Domain Hijack: Detecting DCSync with Trellix NDR

Silent Domain Hijack: Uncovering the DCSync Attack and Detecting with Trellix NDR By Maulik Maheta and Chao Sun · December 10, 2025 Executive summary DCSync is one of the most powerful and stealthy techniques an attacker can use once they have gained access to an Active Directory AD environment...

CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...

PT-2024-5718 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack version 4.19.1.0 Description: The issue is related to a regression in the network listing API, allowing unauthorized list access of network details for domain admin and normal user accounts. This compromises tenant isolation...

CVE-2023-52269

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...

SUSE CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

Incorrect results when you run AD Windows PowerShell cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based domain controller

Incorrect results when you run AD Windows PowerShell cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based domain controller Symptoms Consider the following scenarios. Scenario 1 You have a Windows Server 2012 or Windows Server 2008 R2-based domain controller that has User Account...

Exploit for CVE-2018-8581

CVE-2018-8581 这是一个邮箱层面的横向渗透和提权漏洞 它可以在拥有了一个普通权限邮箱账号密码后，完成对其他用户包括域管理员邮箱收件箱的委托接管 本EXP脚本是在原PoC基础上修改的增强版一键脚本，它将在配置好相关参数后，自动完成目标邮箱inbox收件箱的添加委托和删除委托操作，以方便甲方安全部门和红队对授权企业完成一次模拟攻击过程 原PoC是两个脚本配合使用完成添加收信规则的操作，在甲方红队实际工作中不怎么实用，而原PoC除了需要邮箱外，还需要设置目标邮箱用户的SID，但在参考文章中提到的获取用户SID的方法，我在实际环境中测试Exchange Server...

HoneypotBuster - Microsoft PowerShell Module to Find HoneyPots and HoneyTokens in the Network

Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host. CodeExecution Execute code on a target machine using Import-Module. Invoke-HoneypotBuster HoneypotBuster is a tool designed to spot Honey Tokens, Honey Bread Crumbs...

Change Password Option in StoreFront Not Shown, Available Only for Admins

Change password option in StoreFront not shown for non-domain admins but is there for domain admins...

Postfix Admin Security Bypass Vulnerability

Postfix Admin is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

UBUNTU-CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The CVE-2017-5930 issue affects PostfixAdmin's AliasHandler. The AliasHandler component before 3.0.2 permits remote authenticated domain admins to delete protected aliases via delete.php due to a missing permission check, enabling unintended alias deletion. Public sources confirm the fix is to up...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

CredCrack - Fast and Stealthy Credential Harvester

CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials recusively in memory and in the clear. Upon completion, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack also comes with the ability to list and enumera...

Windows Gather Enumerate Domain Admin Tokens (Token Hunter)

This module enumerates Domain Admin account processes and delegation tokens. This module will first check if the session has sufficient privileges to replace process level tokens and adjust process quotas. The SeAssignPrimaryTokenPrivilege privilege will not be assigned if the session has been...

[Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage

February 28, 2005 Hat-Squad Advisory: GFI L.N.S.S 5.0- Insecure Credential Storage Product: GFI Languard Network Security Scanner Vendor Url: http://gfi.com/ Version: 5.0 Vulnerability: Insecure Credential Storage Release Date: February 28, 2005 Vendor Status: Informed on 22 February 2005 Respons...