all InfoSec news
Site Takeover via SCCM’s AdminService API
Security Boulevard securityboulevard.com
tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site takeover.
Prior Work and Credit
Before I get started, I’d like to acknowledge some of the work previously done that inspired researching SCCM.
Chris Thompson previously covered multiple issues involving SCCM, including a site takeover primitive via MSSQL, and is the primary developer of the SharpSCCM project. Duane Michael wrote about recovering Network Access Account (NAA) credentials from DPAPI on SCCM clients. …
api application security chris configuration management credit ntlm penetration testing red teaming relaying research sccm social engineering takeover thompson vulnerable work