MachineAccountQuota (MAQ) is a domain level attribute that by default permits unprivileged users to attach up to 10 computers to an Active Directory (AD) domain.

Writing a malicious driver to steal tokens from kernel mode.

Certified Pre-Owned - Download as a PDF or view online for free

"Golden" certificates. Contribute to GhostPack/ForgeCert development by creating an account on GitHub.

Microsoft Exchange Server is an email solution widely deployed within government and enterprises, and it is an integral part of both their daily operations and security. Needless to say, vulnerabilities in Exchange have long been the Holy Grail for attackers…

The series of A New Attack Surface on MS Exchange: A New Attack Surface on MS Exchange Part 1 - ProxyLogon! A New Attack Surface on MS Exchange Part 2 - ProxyOracle! A New Attack Surface on MS Excha

Hi, this is the part 2 of the New MS Exchange Attack Surface. Because this article refers to several architecture introductions and attack surface concepts in the previous article, you could find the

Break typical Windows hardening configurations by bypassing restrictions on command prompt and registry editing tools, and exploiting Group Policy…

On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the…

TL;DR With Administrator level privileges and without interacting with the GUI, it’s possible to prevent Defender from doing its job while keeping it alive and without disabling tamper protection by redirecting the \Device\BootDevice NT symbolic link which…

In the past few years there's been numerous exploits for service to system privilege escalation. Primarily they revolve around the fact that...

Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.

@GossiTheDog This is even more severe. The RCE is the simplest RCE you can ever imagine. Simply remove the auth header and you are root. remotely. on all machines. Is this really 2021?

Microsoft Office macros continue to be one of the primary delivery mechanisms in real world attacks seen by Countercept and often present the easiest and simplest way to compromise most organisations. However, common payloads haven’t changed that much over…

Posted by James Forshaw, Project Zero This blog post is a summary of some research I've been doing into relaying Kerberos authentica...

Posted by James Forshaw, Project Zero In my previous blog post  I discussed the possibility of relaying Kerberos authentication from a...

CVE-2021-42278 and CVE-2021-42287

When Microsoft released the November 2021 patches, the following CVEs caught the eye of many security professionals because they allow impersonation of a domain controller in an Active Directory environment.
CVE-2021-42278 - KB5008102 Active Directory Security…