16 matches found
When SPNs Go Rogue: Detection and Remediation with Trellix NDR
When SPNs Go Rogue: Detection and Remediation with Trellix NDR By Maulik Maheta and Henry Bernabe · February 10, 2026 Executive summary Service Principal Names SPNs are essential for Kerberos authentication in Active Directory AD, but misconfigurations, such as assigning SPNs to standard user...
Azure Linux 3.0 Security Update: samba (CVE-2022-0336)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-0336 advisory. - The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do...
CVE-2024-22245 Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
CVE-2024-22245 Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2
Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2 By Maulik Maheta · May 21, 2023 This blog was also written by Chintan Shah Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service...
AZL-10741 CVE-2022-0336 affecting package samba 4.12.5-7
The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as...
DEBIAN-CVE-2022-0336
The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as...
UBUNTU-CVE-2022-0336
The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as...
Exploit for Improper Privilege Management in Microsoft
内网渗透学习笔记 作者:chriskali Github:chriskaliX 近期,拜读了腾讯蓝军-红蓝对抗之Windows内网渗透,学到了不少知识点。打算拆分章节进行整理以及复现,主要记录自己缺失的知识点。这是一个大杂烩文章,主线是跟着jumbo师傅的思路,碰到感兴趣的,我会继续扩展。可能有点凌乱,希望大家见谅。 0x01 环境搭建 这一步略过,简单介绍一下测试的环境 |主机名|IP地址|角色|系统| |:-:|:-:|:-:|:-:| |DC|10.10.10.10|DC|DNS|Winserver 2012| |John|10.10.10.11|normal|win7|...
September 19, 2017—KB4038774 (Preview of Monthly Rollup)
September 19, 2017—KB4038774 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4038792released September 12, 2017 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresse...
Active Directory Reconnaissance: ADRecon
ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...
Impacket - Collection Of Python Classes For Working With Network Protocols
Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols e.g. SMB1-3 and MSRPC the protocol implementation itself. Packets can be constructed from scratch, as well as parsed...
ADRecon - Tool Which Gathers Information About The Active Directory
ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...
UBUNTU-CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
Moderate: Red Hat Security Advisory: krb5 security update
Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available fo...
MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC
-----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2005-002 Original release: 2005-07-12 Topic: buffer overflow, heap corruption in KDC Severity: CRITICAL SUMMARY ======= The MIT krb5 Key Distribution Center KDC implementation can corrupt the heap by attempting to free memory at a rand...