Unwrapping BloodHound v6.3 with Impact Analysis

https://posts.specterops.io/unwrapping-bloodhound-v6-3-with-impact-analysis-acb44b5f0731?gi=442978874868

CVE-2024-49112 is a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This critical vulnerability has been assigned a CVSS score of 9.8, indicating a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H).

The vulnerability is related to an integer overflow or wraparound (CWE-190) in the LDAP implementation. This issue could allow remote attackers to execute arbitrary code on vulnerable systems by sending specially crafted LDAP requests.

Attackers can exploit this flaw remotely, requiring no authentication or user interaction.

Exploitation results in the attacker gaining full control of the affected system.

To mitigate CVE-2024-49112:

1. Apply Patches: Ensure all systems are updated with the latest security patches from Microsoft. Refer to their official advisory.

2. Restrict LDAP Access:
Limit access to LDAP services by implementing network-level access controls, such as firewalls.

Use secure LDAP (LDAPS) to encrypt LDAP traffic.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112

سلام وقت بخیر در این قسمت (6) که جمع بندی قسمت گذشته است روش هایی که میشه session admin و کلا session روی کامپیوترهای AD وجود دارد با ابزارها مختلف که همگی در github قابل دسترس هستند enumerate کنیم .
همچنین به توضیح مختصر از مبحث مهم ACL پرداختیم که پیشنهاد میکنم حتما در کتاب James forshaw windows internals فصل ACL بخونید.
یک دمو رفتیم که وقتی میگیم ACL خطرناک یا permission خطرناک چی هست چه کارهایی ممکنه هکر انجام بده.
در ادامه هدف اصلی از ریکان گفتیم که دنبال این هستیم لیست یوزرها کامپیوترها و ... در بیاریم که برسیم به دسترسی یوزر دامین، ادمین لوکال که این ادمین لوکال خیلی مهمه چرا که میتونه کمک کنه ما ابزارها کاربردی مثل mimikatz روی هاست اجرا کنیم و CA, LM انجام بدهیم.

https://youtu.be/L-t4XxUG_bY
جهت دسترسی به کامندها و نوت ها:
https://github.com/soheilsec/Active-Directory-For-Hackers/blob/main/Recon%20AD%20during%20penetration%20testing%20and%20Red%20Teaming.md

D3FEND 1.0 is here and we are excited to see how you put D3FEND into action!
https://d3fend.mitre.org/blog/d3fend-1.0/

Flare-On 2024
https://youtube.com/playlist?list=PLYP-7_bD0kQEJ51srPqQY7QUc2VNYN8uN&si=Y0aXPlqRyrOfjUMA

7 سال گذشت 🤔
https://in.tgstat.com/channel/@learnpentest/stat

PoC:
https://github.com/SafeBreach-Labs/CVE-2024-49113

Blog: https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-CVE-2024-49113/

windows DFIR artifacts collection MindMap

Exploit ADCS ESC8 with nxc
NetExec now supports "Pass-the-Cert" as an authentication method

3 takeaways from red teaming 100 generative AI products
https://www.microsoft.com/en-us/security/blog/2025/01/13/3-takeaways-from-red-teaming-100-generative-ai-products/

POC exploit for CVE-2024-49138
https://github.com/MrAle98/CVE-2024-49138-POC

NSA Jointly Releases Recommendations for Closing the Software Understanding Gap
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4031718/nsa-jointly-releases-recommendations-for-closing-the-software-understanding-gap/

ETW Threat Intelligence and Hardware Breakpoints

https://www.praetorian.com/blog/etw-threat-intelligence-and-hardware-breakpoints/

https://github.com/rad9800/hwbp4mw