🔐 Exploiting SCCM’s AdminService API for Site Takeover 🔐
Extensive research into SCCM services has revealed a security flaw within the AdminService API, exploiting the authentication process and leading to unauthorized access. The AdminService API, backed by Microsoft Negotiate authentication, could be leveraged by malicious actors for privilege escalation, granting unauthorized Full Administrator privileges on the targeted site.
🌐 Details:
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #sccm #site #takeover
Extensive research into SCCM services has revealed a security flaw within the AdminService API, exploiting the authentication process and leading to unauthorized access. The AdminService API, backed by Microsoft Negotiate authentication, could be leveraged by malicious actors for privilege escalation, granting unauthorized Full Administrator privileges on the targeted site.
🌐 Details:
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #sccm #site #takeover
SpecterOps
Site Takeover via SCCM’s AdminService API - SpecterOps
While researching SCCM services, I was studying the various access methods to retrieve or modify data stored in a SCCM site’s database. Read more...
🔥8👍1