Hi, this is the part 2 of the New MS Exchange Attack Surface. Because this article refers to several architecture introductions and attack surface concepts in the previous article, you could find the

In this post, I will go over some hardening configurations that are typically set in Group Policy settings and ways to bypass them. General methods for…

On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the…

In the past few years there's been numerous exploits for service to system privilege escalation. Primarily they revolve around the fact that...

Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.

@GossiTheDog This is even more severe. The RCE is the simplest RCE you can ever imagine. Simply remove the auth header and you are root. remotely. on all machines. Is this really 2021?

True cyber security combines advanced technology and best practice. Get tips and read articles on how to take your online security even further.

Posted by James Forshaw, Project Zero This blog post is a summary of some research I've been doing into relaying Kerberos authentica...

Posted by James Forshaw, Project Zero In my previous blog post  I discussed the possibility of relaying Kerberos authentication from a...

CVE-2021-42278 and CVE-2021-42287

When Microsoft released the November 2021 patches, the following CVEs caught the eye of many security professionals because they allow impersonation of a domain controller in an Active Directory environment.
CVE-2021-42278 - KB5008102 Active Directory Security…

Methodology for reverse engineering Windows drivers, finding vulnerabilities and understanding their exploitability.

BlackArrow is the offensive and defensive security services division of Tarlogic Security. A team of high level professionals

This article describe a new persistence technique in Active Directory that allows to create valid TGT (i.e. have a master key). This technique relies on a Service Account with a Constrained Delegation to the KRBTGT service.

Group Managed Service Accounts (gMSAs) are vulverable to attacks called a "Golden gMSA". Learn more about GMSA Active Directory attacks on our blog.

Two years ago (march 2020), I found this sort of “vulnerability” in Folder Redirection policy and reported it to MSRC. They acknowledged it with CVE-2021-26887 even if they did not real…

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - Dec0ne/KrbRelayUp