All the details for CVE-2020-17049 are now available! The overview contains a summary of the vulnerability and its exploit, including links to 2 deep dive posts which cover much more. blog.netspi.com/cve-2020-170…
New blog post discussing approaches to evasion that rely less on anecdotal evidence (technique X worked against Y) and more on observed agent capabilities to determine OPSEC-safe techniques. posts.specterops.io/adventur… 1/5
With a few small modifications @MDSecLabs' Office 365 attack toolkit works with ROADtools tokens. This makes it a nice GUI for API tokens obtained with SSO abuse or via other means. cc @0x09AL
I'm excited to share that CVE-2020-17049 has been issued for a vulnerability that I found. There are more details to come, but I'll be holding off publishing for now while the patchwork is still ongoing. msrc.microsoft.com/update-gu…
It may surprise you, but 'sekurlsa' is not the first module I have in mind when re-creating #mimikatz 3 🥝
Oh yes, it now has submodule(s) support to avoid giant modules 🤪
(and it's not detected as dangerous so far)
We should limit the use of open source defensive tools as bad guys can use them to detect/prevent legal LE implants and stop good guys from catching them.
Wanna exploit office documents but don't know where to start? Me too! I'll be rambling about my journey into researching some old Microsoft Office technologies next Friday at SO-CON!
SO-CON Talk Announcement - Phishing in a Macro-less World
@hotnops will discuss some of the old and forgotten technologies in Microsoft Office that can be leveraged to produce (and detect) malicious office documents.
Sign up here: so-con-2020.eventbrite.com