all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SCCM Hierarchy Takeover with High Availability

Add to bookmarks
Feb. 21, 2024, 8:25 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hierarchy

I previously wrote about how targeting site systems hosting the SMS Provider role can be used to compromise a SCCM hierarchy. In that blog, I discussed high availability (HA) for the SMS Provider which is designed to support multiple configuration manager console sessions or to support managing SCCM if the SMS provider goes offline. Since then, my coworker Chris Thompson and I started researching …

availability blog can compromise hierarchy high high availability hosting role sccm sms support systems takeover targeting

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Note to investors and security pros: drive innovation by going on the offensive 27 minutes ago | malware.news
article cybersecurity drive innovation +10
New network to target migrant smugglers in the digital domain 37 minutes ago | malware.news
alliance april aspect counter +17
New High-Severity Vulnerability in Apache ActiveMQ Poses Risk of Unauthorized Access: CVE-2024-32114 an hour ago | malware.news
access activemq apache apache activemq +15
My impression of Botconf 2024 an hour ago | malware.news
analysis botconf channel dotnet +13
Top 10 Free IoC Search & Enrichment Platforms 2 hours ago | malware.news
amp assets attacks breaches +33
ISC Stormcast For Friday, May 3rd, 2024 https://isc.sans.edu/podcastdetail/8966, (Fri, May 3rd) 9 hours ago | malware.news
topic
Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360 12 hours ago | malware.news
article incident incident response link +4
Critical GitLab account takeover flaw added to CISA’s KEV Catalog 13 hours ago | malware.news
account account takeover article catalog +17
US warns of North Korean hackers using email security flaws for phishing attacks 15 hours ago | malware.news
article attacks change email +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs