This media is not supported in your browser
VIEW IN TELEGRAM
SCCM AdminService API уязвим к релей атакам🙈 Интересненько...
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #redteam #pentest #sccm #relay
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #redteam #pentest #sccm #relay
🔥32👍3
Про NetNTLMv1 downgrade & relay в 2023 году
https://www.r-tec.net/r-tec-blog-netntlmv1-downgrade-to-compromise.html
#pentest #redteam #relay #creds
https://www.r-tec.net/r-tec-blog-netntlmv1-downgrade-to-compromise.html
#pentest #redteam #relay #creds
www.r-tec.net
NetNTLMv1 Downgrade to compromise
Easy to understand NetNTLMv1 downgrade, relaying stuff and further resources for those who want to get the bigger picture at the end of this post.
👍9🔥7
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
🔄 Active Directory GPOs through NTLM relaying, and more!
Learn about a attack vector that exploits GPOs through NTLM relaying, potentially allowing unauthenticated attackers to abuse.
🌐 Source:
https://www.synacktiv.com/publications/gpoddity-exploiting-active-directory-gpos-through-ntlm-relaying-and-more
#ad #gpo #relay #ntlm
Learn about a attack vector that exploits GPOs through NTLM relaying, potentially allowing unauthenticated attackers to abuse.
🌐 Source:
https://www.synacktiv.com/publications/gpoddity-exploiting-active-directory-gpos-through-ntlm-relaying-and-more
#ad #gpo #relay #ntlm
👍15🔥1
Kerberos Relay and Forwarder for (Fake) SMB MiTM Server
https://github.com/decoder-it/KrbRelayEx
Наконец-то)))
#pentest #ad #relay
https://github.com/decoder-it/KrbRelayEx
Наконец-то)))
#pentest #ad #relay
🔥29👍11
NTLM релей в WinRMS, не ждали? А вот...
Blog: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./
Soft: https://github.com/fortra/impacket/pull/1947
#pentest #redteam #relay #ad #lateralmovement
Blog: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./
Soft: https://github.com/fortra/impacket/pull/1947
#pentest #redteam #relay #ad #lateralmovement
🔥15👍7😱1
CVE-2025-33073: Reflective Kerberos Relay (LPE)
Blog: https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/
Patched: June 10, 2025
Интересная LPE с релеем на себя... Даже CVE есть)
#lpe #ad #relay #pentest #redteam
Blog: https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/
Patched: June 10, 2025
Интересная LPE с релеем на себя... Даже CVE есть)
#lpe #ad #relay #pentest #redteam
RedTeam Pentesting - Blog
A Look in the Mirror - The Reflective Kerberos Relay Attack
It is a sad truth in IT security that some vulnerabilities never quite want to die and time and time again, vulnerabilities that have long been fixed get revived and come right back at you. While researching relay attacks, the bane of Active …
🔥15👍6
Ralf Hacker Channel
CVE-2025-33073: Reflective Kerberos Relay (LPE) Blog: https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/ Patched: June 10, 2025 Интересная LPE с релеем на себя... Даже CVE есть) #lpe #ad #relay #pentest #redteam
В продолжение все той же темы CVE-2025-33073...
https://www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025
Еще один ресерч, на это раз от Synactiv. Вот только у них не LPE, а Auth RCE от имени SYSTEM (если подпись SMB на машине не требуется).
#rce #lpe #ad #relay #pentest #redteam
https://www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025
Еще один ресерч, на это раз от Synactiv. Вот только у них не LPE, а Auth RCE от имени SYSTEM (если подпись SMB на машине не требуется).
Even though CVE-2025-33073 is referred by Microsoft as an elevation of privilege, it is actually an authenticated remote command execution as SYSTEM on any machine which does not enforce SMB signing.
#rce #lpe #ad #relay #pentest #redteam
Synacktiv
NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073
🔥16👍10😱1