Defending Against Active Directory Kerberos Attacks
Much has been written by pentesting and red teams to explain how to leverage attacks against the Kerberos protocol to quickly escalate privileges and take over service accounts wit...
Read MoreMicrosoft to Enable Domain Controller Enforcement Mode by Default on Feb. 9
What Happened When CVE-2020-1472 was released on Aug 11, 2020, Microsoft addressed a critical remote code execution vulnerability targeting how the Netlogon secure channel is used...
Read MoreSecurity Detections for a Hybrid Azure AD Join Environment
The enterprise environment of today is much more highly complex than even a couple of years ago. Microsoft Windows Active Directory (AD) has been the most used go-to when it comes ...
Read MorePing of Death v2: Windows IPv6 Vulnerability (CVE-2020-16898/9)
Microsoft has released 11 Critical level patches during this Patch Tuesday (including the latest Adobe Flash security update). However, two of these vulnerabilities among those bei...
Read MoreA Security Engineer Does InfoSec Marketing For a Week
I’ve never thought that I’ve been great at marketing, good? Sure, but definitely not great. I’ve done my bit personally over the last few years to build up followers, althoug...
Read MoreWhat You Need to Know About SigRed: Windows DNS Vulnerability (CVE-2020-1350)
Two researchers at Check Point Research recently discovered a critical vulnerability in the Windows DNS server (CVE-2020-1350), also known as ‘SigRed.’ Microsoft has acknowledg...
Read More