PKI Compromise by Default

Certificate Authorities. They’re an invisible elephant in the room. They’re the colourless passport stampers that complement your inscrutable Active Directory certificate processes. The whole thing sounds very grey and bureaucratic, but threat actors and security wizards are looking at the certificate process very closely, and for good reason. Those passports can do quite a lot. In this article we’ll cover a few basic concepts and then look at a new crop of vulnerabilities discovered by the piratical and quite naughty SpecterOps. The aim of this post is not to make you an authority on certificate services; it’s to show you that there are distinct risks in deploying certificate services and to provide you with a tool to audit for some of these.

In case you are unaware, SpecterOps are the vendors that produced several cutting-edge open-source tools for Active Directory enumeration. They are also shaking up the way the security industry views vulnerability management by introducing their own unique philosophy, which has a core focus on attack pathway management. J2 has adopted this philosophy in its insider threat assessment, where we simulate human-operated ransomware attacks in our client environment as part of our red-teaming activity.


Serious Sam

In the age where bug bounties have become an enormous and necessary cash cow, this is a reminder that sometimes the KISS (keep it simple, stupid) principle still applies to the vulnerability research field. A well-known researcher discovered a ten-year-old vulnerability in Windows 10 which allowed credentials to be dumped from Windows 10 devices with the latest updates.

The Scoop

Benjamin Delpy, the creator of Mimikatz, was poking around the new Windows 11 when he found something interesting. The SAM database had ‘builtin’ users assigned to the access control list. In plain English, any standard user would be able to read the database.

SAM stands for Security Account Manager. It stores hashed credentials, that kind of thing. You can find it lurking at %SystemRoot%\system32\config\SAM. Can’t access it? Good! You need to be an administrator. Try running icacls c:\windows\system32\config\SAM in a command prompt.

Icacls is a command-line utility for modifying permissions and can be used to check permissions on a file. If you run the command, you will probably find what I did, that your SAM database is indeed readable and executable by a builtin user account. At this point you reach for a drink. Not during work hours of course. During work hours you reach for that alcohol-free vodka.



Firewalla - Family Time

Family Time

Firewalla is committed to taking back family time from social networks. One hour at a time. Our "Social Hour" feature blocks all social networks for one hour.

We all spend time on social networks. But have you ever wished that your family had a “time out” during dinner and other family occasions so that you can enjoy your time together and chat about your day?

Firewalla is with you. We’re committed to helping take back family time, one hour at a time, with our ‘Social Hour’ button. One tap and all major social networks will be blocked for one hour.


Copyright © 2019 J2 Software | Powered By Cartmell