Stealthbits

Posts by Joe Dibley

Joe is a Security Researcher at Stealthbits Technologies. An expert in Active Directory, Windows, and a wide variety of enterprise software platforms and technologies, Joe researches new security risks, complex attack techniques, and associated mitigations and detections.

SERVER (UN)TRUST ACCOUNT

Active Directory persistence through userAccountControl manipulation: I’ve been doing some research on group Managed Service Accounts (gMSAs) recently and reading the MS-SAMR protocol specification for some information. I happened to stumble across some interesting information in the userAccountControl section which made us drop what we were doing to test it: Effectively, when the UF_SERVER_TRUST_ACCOUNT bit is set […]

What Is Kerberos?

What is it? Kerberos is an authentication protocol enabling systems and users to prove their identity through a trusted third-party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT, Digital Equipment Corporation, and IBM to build a distributed computing environment for educational use. The protocol centers around tickets. Tickets are issued by the trusted third-party and utilize symmetric […]

What is the SigRed vulnerability in Windows DNS Server?


What is it? SigRed, CVE-2020-1350, is a remote code execution vulnerability in the Microsoft Windows DNS server that was publicly disclosed on July 14, 2020, by Israeli cybersecurity firm Check Point. When a DNS server receives a query for a domain it isn’t responsible (authoritative) for, it asks a DNS server further up the hierarchy which DNS […]

Cleaning Up Unused Service Accounts – Part 2: Detecting Common Locations Where Service Accounts Are Used

In this post, I will continue the series on how to do a service account cleanup in Active Directory by going into detail on common locations in a Windows OS that can be used to configure service accounts, and then showing how to collect these using PowerShell to enable an easy collection […]

Cleaning Up Unused Service Accounts Series – Part 1: Overview of the Process

What is a Service Account? In this blog post, I won’t go too much into the details of service accounts but will class a service account as a user, Managed Service Account or a Group Managed Service Account that is used to run a process, whether it be a Service, Task, IIS App Pools or […]

Making Internal Reconnaissance Harder Using NetCease and SAMRi10

What is Internal Reconnaissance? Internal Reconnaissance is one of the first steps an attacker will take once they have compromised a user or computer on the internal network. This usually involves using tools or scripts to enumerate and collect information to help them identify where they should try and compromise next on the internal network […]

Using CTFTOOL.exe to escalate privileges by leveraging Text Services Framework; and mitigation processes and steps


Overview: In this post, I will be looking at a new exploit that leverages a weakness in Microsoft Windows Text Services Framework to launch a child process that allows for the escalation of privileges. I will give a brief overview of what the Text Services Framework service does, what the exploit is, and how it […]

© 2020 Stealthbits Technologies, Inc.