“Certifried” Active Directory Privilege Escalation Vulnerability (CVE-2022-26923)
"Certifried" is an Active Directory privilege escalation vulnerability found in AD Certificate Services in May 2022 by...
Menu
Atlassian Confluence Server and Data Center RCE Vulnerability (CVE-2022-26134)
This critical remote code execution vulnerability was announced in June 2022 and affected both Atlassian Confluence servers...
“Dirty Pipe” Linux Kernel Vulnerability (CVE-2022-0847)
"Dirty Pipe" is a well-known Linux kernel privilege escalation vulnerability. This post includes a walkthrough of how...
“PetitPotam” Windows LSA Spoofing Vulnerability (CVE-2021-36942)
PetitPotam is a NTLM relay attack vulnerability that is often checked for in Active Directory penetration testing....
KEV Catalog: “sAMAccountName” “noPac” Privilege Escalation (CVE-2021-42278 and CVE-2021-42287)
"sAMAcountName" and "noPac" are two critical Active Directory vulnerabilities that can lead to full Domain compromise. Learn...
KEV Catalog: ExifTool Remote Code Execution Vulnerability (CVE-2021-22204)
This vulnerability is in ExifTool, a tool for changing the metadata of video, image and pdf files....
KEV Catalog: “SMBGhost” Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
"SMBGhost" is a critical vulnerability that affected SMBv3 in Windows 10 Versions 1903 and 1909. The vulnerability...
KEV Catalog: “HiveNightmare” aka ”SeriousSAM” Vulnerability CVE-2021-36934
CVE-201-36934 is called Microsoft Windows SAM Local Privilege Escalation Vulnerability and is also known by the nicknames...
KEV Catalog: “PrintNightmare” (CVE-2021-34527)
CVE-2021-34527 is a critical Windows Print Spooler vulnerability that allowed malicious actors to remotely inject DLLs and...
KEV Catalog: “ZeroLogon” NetLogon Privilege Escalation Vulnerability (CVE-2020-1472)
In July 2020 a critical privilege escalation vulnerability emerged that affected Active Directory environments: CVE-2020-1472. Nicknamed "ZeroLogon",...