all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Certifried ADCS Privilege Escalation PoC

Add to bookmarks
May 11, 2022, 11:56 a.m. | /u/an0n_r0

cybersecurity www.reddit.com

Just recreated the PoC for CVE-2022-26923 ("Certifried") Windows Active Directory Privilege Escalation vulnerability. From low-privileged user to domain admin in a couple of (relatively easy) steps:

tweet: [https://twitter.com/an0n\_r0/status/1524181212868325380](https://twitter.com/an0n_r0/status/1524181212868325380)
little bit more details: [https://www.linkedin.com/feed/update/urn:li:activity:6929953880982069249/](https://www.linkedin.com/feed/update/urn:li:activity:6929953880982069249/)

and the full write-up by /u/ly4k_ who discovered this amazing vulnerability: [https://research.ifcr.dk /certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4](https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4)

adcs cybersecurity escalation poc privilege privilege escalation

Visit resource

More from www.reddit.com / cybersecurity

Copilot‘s screen-snapping Recall data stored in plain text 10 hours ago | www.reddit.com
copilot cybersecurity data plain text +3
Cops Swarm Global Cybercrime Botnet Infrastructure in 2 Massive Ops 12 hours ago | www.reddit.com
botnet cops cybercrime cybersecurity +4
What are the most common IAM and PAM solutions in cybersecurity? 12 hours ago | www.reddit.com
cybersecurity cybersecurity professional goal iam +5
How does hiring in APT groups work? 13 hours ago | www.reddit.com
apt apt groups can cybersecurity +5
State of WiFi Security in 2024 14 hours ago | www.reddit.com
article cybersecurity exploiting feedback +9
Prioritize Blue Team for Cybersecurity Success 15 hours ago | www.reddit.com
blue blue team box can +16
Reported a Critical Vulnerability, Retested, and Now I Guess I'm Just Shouting Into the Void? 19 hours ago | www.reddit.com
bypass critical critical vulnerability cvss +6
NIST unveils ARIA program to evaluate and verify AI capabilities & impacts. 20 hours ago | www.reddit.com
ai capabilities aria aria program capabilities +4
Malware Analysis of Latrodectus - Part 1 20 hours ago | www.reddit.com
analysis cybersecurity latrodectus malware +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com