Andrea P
decoder-it.bsky.social
Indeed, it is. An interesting attack surface is the Kerberos relay, as it allows control over the hostname. In this particular example, I'm relaying RPC/DCOM (bsky.app/profile/deco...) but it also works when acting as an SMB or WinRM server.
December 23, 2024 at 10:35 AM
ISystemActivator
December 2, 2024 at 6:39 PM
Good luck with early detection 😉. Personally, I'd focus time and effort on the basics of hardening (the ones I listed before); prevention often beats detection in the long run.
November 28, 2024 at 5:24 PM
As usual, it's all about preventing relaying. So yes, always require SMB signing, LDAP/LDAPS signing and Channel Binding, HTTPS Extended Authentication Protection... but this is in an ideal world, and I've seen too often Insecure DNS Update allowed on root zones... 🤷‍♂️
November 25, 2024 at 8:53 PM
I will need your help ;)
November 17, 2024 at 8:11 PM