Active Directory Series

Active Directory Series: Introducing AD CS

Comments Off

October 4, 2023October 4, 2023

This post introduces Active Directory Certificate Services (AD CS) and topics like: public key infrastructure (PKI), the...

by Cody Rubio

“Certifried” Active Directory Privilege Escalation Vulnerability (CVE-2022-26923)

Comments Off

September 14, 2023October 6, 2023

"Certifried" is an Active Directory privilege escalation vulnerability found in AD Certificate Services in May 2022 by...

by Cody Rubio

Active Directory Series: Critical Profiled Vulnerabilities

Comments Off

September 1, 2023September 14, 2023

This post provides an active list of Active Directory vulnerabilities that Secured has profiled in its Known...

by Cody Rubio

Active Directory Series: “ZeroLogon” Privilege Escalation Vulnerability

Comments Off

August 18, 2023August 18, 2023

In July 2020 a critical privilege escalation vulnerability emerged that affected Active Directory environments: CVE-2020-1472. Nicknamed "ZeroLogon",...

by Cody Rubio

Active Directory Series: LDAP Reconnaissance

Comments Off

August 4, 2023August 4, 2023

LDAP is a protocol that is targeted by attackers to get more information about Active Directory environments....

by Cody Rubio

Active Directory Series: LAPS Permissions

Comments Off

July 6, 2023July 13, 2023

Local Administrator Password Solutions (LAPS) provides various security benefits in Active Directory environments. If LAPS permissions are...

by Cody Rubio

“PetitPotam” Windows LSA Spoofing Vulnerability (CVE-2021-36942)

Comments Off

June 29, 2023October 6, 2023

PetitPotam is a NTLM relay attack vulnerability that is often checked for in Active Directory penetration testing....

by Cody Rubio

Active Directory Series: 10 Reasons to Use CrackMapExec

Comments Off

June 22, 2023July 13, 2023

CrackMapExec has various modules and options for Active Directory penetration testing. Here are 10 reasons to check...

by Cody Rubio

KEV Catalog: “sAMAccountName” “noPac” Privilege Escalation (CVE-2021-42278 and CVE-2021-42287)

Comments Off

June 14, 2023October 6, 2023

"sAMAcountName" and "noPac" are two critical Active Directory vulnerabilities that can lead to full Domain compromise. Learn...

by Cody Rubio

Active Directory Series: DC Sync

Comments Off

June 8, 2023July 13, 2023

DC Sync attacks are a serious threat to Active Directory environments. DC Sync attacks occurred in the...

Download our Capabilities Brief

Active Directory Series: Introducing AD CS

by Cody Rubio

“Certifried” Active Directory Privilege Escalation Vulnerability (CVE-2022-26923)

by Cody Rubio

Active Directory Series: Critical Profiled Vulnerabilities

by Cody Rubio

Active Directory Series: “ZeroLogon” Privilege Escalation Vulnerability

by Cody Rubio

Active Directory Series: LDAP Reconnaissance

by Cody Rubio

Active Directory Series: LAPS Permissions

by Cody Rubio

“PetitPotam” Windows LSA Spoofing Vulnerability (CVE-2021-36942)

by Cody Rubio

Active Directory Series: 10 Reasons to Use CrackMapExec

by Cody Rubio

KEV Catalog: “sAMAccountName” “noPac” Privilege Escalation (CVE-2021-42278 and CVE-2021-42287)

by Cody Rubio

Active Directory Series: DC Sync

by Cody Rubio

Unveiling the Tools Behind Object Recognition: A Deep Dive into Deep Learning Equipment

Looking Back on 10 Cybersecurity Trends of 2023

The Role of Blockchain in File Sharing Security

KEV Catalog: Apache CouchDB Remote Privilege Escalation (CVE-2022-24706)

KEV Catalog: “Ghostcat” Apache Tomcat Improper Privilege Management Vulnerability (CVE-2020-1938)

KEV Catalog: “Drupalgeddon2”: Drupal Module Configuration Vulnerability CVE-2018-7600

KEV Catalog: “Spring4Shell” Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)

KEV Catalog: Debian-specific Redis Server Lua Sandbox Escape Vulnerability (CVE-2022-0543)

KEV Catalog: Apache Airflow “Example DAG” Command Injection (CVE-2020-11978)

KEV Catalog: VMware Spring Cloud Gateway Code Injection Vulnerability (CVE-2022-22947)

KEV Catalog: VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)

KEV Catalog: Red Hat Polkit “pwnkit” Out-of-Bounds Read and Write Vulnerability (CVE-2021-4034)

KEV Catalog: SaltStack Salt Authentication Bypass (CVE-2020-11651)

Ready For a Free Consultation For Any Size Solution?

Company

Services

Contact Us

Category: Active Directory Series

by Cody Rubio

by Cody Rubio

by Cody Rubio

by Cody Rubio

by Cody Rubio

by Cody Rubio

by Cody Rubio

by Cody Rubio

by Cody Rubio

by Cody Rubio

Ready For a Free Consultation For Any Size Solution?

Company

Services

Contact Us