all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Site Takeover via SCCM’s AdminService API

Add to bookmarks
Aug. 10, 2023, 6:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site takeover.

Prior Work and Credit

Before I get started, I’d like to acknowledge some of the work previously done that inspired researching SCCM.

Chris Thompson previously covered multiple issues involving SCCM, including a site takeover primitive via MSSQL, and is the primary developer of the SharpSCCM project. Duane Michael wrote about recovering Network Access Account (NAA) credentials from DPAPI on SCCM clients. …

api article database garrett link posts sccm server specterops takeover team topic

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

How CISA is Preparing For the Influx of CIRCIA Reports an hour ago | malware.news
act backend circia cisa +21
From Spam to AsyncRAT: Tracking the Surge in Non-PE Cyber Threats an hour ago | malware.news
access asynchronous asyncrat breach +23
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution 3 hours ago | malware.news
arbitrary code arbitrary code execution cisco cisco talos +19
Big Vulnerabilities in Next-Gen BIG-IP 4 hours ago | malware.news
accounts assets attacker attackers +13
Proactive cybersecurity emphasized by new Vermont CISO 4 hours ago | malware.news
article chief chief information security officer ciso +27
Guilty plea entered by e-BTC operator for money laundering 4 hours ago | malware.news
alexander vinnik article btc btc-e +19
Google unveils new Threat Intelligence platform 4 hours ago | malware.news
article cloud cybersecurity cybersecurity threats +20
Thwarted cyberattack targeted Library of Congress in tandem with October British Library breach 4 hours ago | malware.news
authentication breach british british library +13
Nearly 150K impacted by Kansas court system hack 4 hours ago | malware.news
administration article attack case +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Junior Cybersecurity Analyst - 3346195

@ TCG | 725 17th St NW, Washington, DC, USA
View on infosec-jobs.com

Cyber Intelligence, Senior Advisor

@ Peraton | Chantilly, VA, United States
View on infosec-jobs.com

Consultant Cybersécurité H/F - Innovative Tech

@ Devoteam | Marseille, France
View on infosec-jobs.com

Manager, Internal Audit (GIA Cyber)

@ Standard Bank Group | Johannesburg, South Africa
View on infosec-jobs.com

Staff DevSecOps Engineer

@ Raft | San Antonio, TX (Local Remote)
View on infosec-jobs.com

Domain Leader Cybersecurity

@ Alstom | Bengaluru, KA, IN
View on infosec-jobs.com
View more jobs