Kerberos is one of the most common protocols in organizations that utilize Windows Active Directory, and an essential part of Windows authentication used to verify the identity of a user or a host [1]. As such, Kerberos is often a target for adversaries trying to either steal or forge Kerberos tickets [2]. In this blog … Continue reading Capture the Kerberos Flag: Detecting Kerberos Anomalies
We provide a KQL query that will help you validate your defined Windows audit security policy configuration. Defining a Windows audit policy is an important step in establishing a robust security posture. Ensuring that the audit policy is applied consistently across your environment is just as important as defining that policy and quality controls should be in place.
Intro In this blog post we discuss a zero-day topic for finding privilege escalation vulnerabilities discovered by Ahmad Mahfouz. It abuses applications like Software Center, which are typically used in large-scale environments for automated software deployment performed on demand by regular (i.e. unprivileged) users. Since the topic resulted in a possible attack surface across many … Continue reading CVE Farming through Software Center – Aย group effort to flush out zero-day privilege escalations
Introduction In this blog post, I will take you through the steps that I performed to get code execution on a Windows kiosk host using ONLY Microsoft Edge. Now, I know that there are many resources out there for breaking out of kiosks and that in general it can be quite easy, but this technique … Continue reading Breaking out of Windows Kiosks using only Microsoft Edge
