all InfoSec news
RC4 Is Still Considered Harmful
Oct. 27, 2022, 7:48 p.m. | noreply@blogger.com (Unknown)
Project Zero googleprojectzero.blogspot.com
By James Forshaw, Project Zero
I've been spending a lot of time researching Windows authentication implementations, specifically Kerberos. In June 2022 I found an interesting issue number 2310 with the handling of RC4 encryption that allowed you to authenticate as another user if you could either interpose on the Kerberos network traffic to and from the KDC or directly if the user was configured to disable typical pre-authentication requirements.
This blog post goes into more detail on how this vulnerability …
More from googleprojectzero.blogspot.com / Project Zero
Analyzing a Modern In-the-wild Android Exploit
7 months, 2 weeks ago |
googleprojectzero.blogspot.com
Summary: MTE As Implemented
9 months, 1 week ago |
googleprojectzero.blogspot.com
MTE As Implemented, Part 1: Implementation Testing
9 months, 1 week ago |
googleprojectzero.blogspot.com
MTE As Implemented, Part 3: The Kernel
9 months, 1 week ago |
googleprojectzero.blogspot.com
MTE As Implemented, Part 2: Mitigation Case Studies
9 months, 1 week ago |
googleprojectzero.blogspot.com
Jobs in InfoSec / Cybersecurity
Malware Analyst - TASO / Active Secret
@ Peraton | Arlington, VA, United States
Information Security Engineer
@ Deel | Anywhere (APAC)
Cybersecurity Engineer
@ Booz Allen Hamilton | USA, DC, Washington (1125 15th St NW)
Director, Security Engineering
@ Warner Bros. Discovery | GA Atlanta 1050 Techwood Drive NW
Consultant Senior Securité Réseaux
@ Devoteam | Tunis, Tunisia
SOC Analyst, Mid
@ Peraton | Washington, DC, United States