all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Relaying to AD Certificate Services over RPC

Add to bookmarks
Nov. 16, 2022, 10:45 a.m. | Sylvain Heiniger

Compass Security Blog blog.compass-security.com

In June last year, the good folks at SpecterOps dropped awesome research on Active Directory Certificate Services (AD CS) misconfigurations. Since then, we find and report these critical vulnerabilities at our customers regularly. One of these new attack path is relaying NTLM authentication to unprotected HTTP endpoints. This allows an attacker to get a valid […]

active directory adcs certificate certificate services microsoft ntlm relay relaying research rpc services windows

Visit resource

More from blog.compass-security.com / Compass Security Blog

How to become a Hacker 1 week, 5 days ago | blog.compass-security.com
compass computer computer science eth +13
Bug Bounty: Insights from Our First-hand Experience 3 weeks, 5 days ago | blog.compass-security.com
blog blog posts bounties bounty +26
New Burp Extension: JWT-scanner 1 month, 1 week ago | blog.compass-security.com
application applications article authentication +20
Behind The Scenes Of Ransomware Attacks 1 month, 3 weeks ago | blog.compass-security.com
apt attacks big blog +10
Pwn2Own Toronto 2023: Part 5 – The Exploit 2 months ago | blog.compass-security.com
buffer buffer overflow buffer overflow vulnerability camera +20
Pwn2Own Toronto 2023: Part 4 – Memory Corruption Analysis 2 months ago | blog.compass-security.com
analysis corruption internet of things manage +9
Pwn2Own Toronto 2023: Part 3 – Exploration 2 months ago | blog.compass-security.com
authentication can code code execution +19
Pwn2Own Toronto 2023: Part 2 – Exploring the Attack Surface 2 months ago | blog.compass-security.com
aim attack attack surface blog +16
Pwn2Own Toronto 2023: Part 1 – How it all started 2 months, 1 week ago | blog.compass-security.com
analysts blog blog post camera +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com