Active Directory persistence through userAccountControl manipulation I’ve been doing some research on group Managed Service Accounts (gMSAs) recently and reading the MS-SAMR protocol specification for some information. I happened to stumble across some interesting information in the userAccountControl section which made us drop what we were doing to test it: Effectively, when the UF_SERVER_TRUST_ACCOUNT bit is set […]
Kerberos Explained Kerberos is an authentication protocol enabling systems and users to prove their identity through a trusted third-party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT, Digital Equipment Corporation, and IBM to build a distributed computing environment for educational use. The protocol centers around tickets. Tickets are issued by the trusted third-party and utilize symmetric encryption […]
What is it? SigRed, CVE-2020-1350, is a remote code execution vulnerability in the Microsoft Windows DNS server that was publicly disclosed on July 14, 2020, by Israeli cybersecurity firm Check Point. When a DNS server receives a query for a domain it isn’t responsible (authoritative) for it asks a DNS server further up the hierarchy which DNS […]
What is a Service Account? In this blog post, I won’t go too much into the details of service accounts but will class a service account as a user, Managed Service Account or a Group Managed Service Account which is used to run a process whether it be a Service, Task, IIS App Pools or […]
Overview In this post, I will be looking at a new exploit that leverages a weakness in Microsoft Windows Text Services Framework to launch a child process that allows for the escalation of privileges. I will give a brief overview of what the Text Services Framework service does, what the exploit is, and how it […]
Start a Free Stealthbits Trial!
No risk. No obligation.