CVE-2020-17049 is not only a bypass of "account is sensitive".
You *CAN* obtain tickets with "Kerberos only delegation", not only with "protocol transition"
Prerequisites are still important, but the attack surface is a little bit bigger :)
Sorry for bad message @jakekarnes42
I deleted previous tweets, because I was wrong, and I do not want people to get wrong messages because of it.
I suppose my 2016 test domain November update was enough to limit the scope?
If I were an AV vendor I'd offer my small/medium business customers a "threat response" service, in which an analyst checks the telemetry data for highly relevant events & informs the customer by phone/email about a breach/hack/serious threat
(E.g. checks with my cheat sheet)
Our third and final speaker at the Dec 17th meetup is @UlfFrisk with his topic "DMA Abuses and In-Memory Malware Detection"!
Join Ulf and the rest of the HelSec community on Dec 17th!🗓 #helsec
All the details for CVE-2020-17049 are now available! The overview contains a summary of the vulnerability and its exploit, including links to 2 deep dive posts which cover much more. blog.netspi.com/cve-2020-170…
What surprised me with Windows NT5 CryptoAPI/DPAPI reversing was the way MS coders tended to avoid their own APIs, especially for DES/3DES/DESX/SHA1/MDx
It gives some interesting functions still here for legacy reasons
Or the way we had to use fake RSA keys to import 3DES keys🤪