Active Directory Series: Kerberoasting
Kerberoasting is an Active Directory credential attack that attackers use to access other services in Active Directory...
Menu
KEV Catalog: “Heartbleed” OpenSSL Vulnerability (CVE-2014-0160)
CVE-2014-0160 is known by the nickname “Heartbleed”. It is an information disclosure vulnerability in outdated versions of...
Active Directory Series: Kerberos Authentication Overview
Active Directory uses the Kerberos protocol to authenticate clients and permit or deny access to different services...
KEV Catalog: “WannaCry” Microsoft SMBv1 RCE Vulnerability (CVE-2017-0143)
CVE-2017-0143 is a notorious Microsoft Windows SMBv1 remote code execution vulnerability. This vulnerability and the EternalBlue exploit...
7 Locations for Unsecured Credentials
Attackers can use unsecured user credentials to access different services and pivot within a network. Malicious actors...
KEV Catalog: 3 Linux Privilege Escalation Vulnerabilities
Legacy Linux environments are open to various privilege escalation vulnerabilities. This post reviews three well-known vulnerabilities.
Dallas County Data Incident from Computers Sold at Auction
Last month, Dallas County released a notice disclosing that Dallas County computers were sold at auction that...
KEV Catalog: OpenSMTPD RCE Vulnerability (CVE-2020-7247)
CVE-2020-7247 is a remote code execution vulnerability in OpenSMTPD. OpenSMTPD is a free smtp protocol (mail server...
Ferrari Cyber Incident: Cyber Extortion vs Ransomware
Last week, Ferrari announced it was contacted by a cyber threat actor for a ransom demand. Their...
KEV Catalog: “Shellshock” GNU Bash Arbitrary Code Execution Vulnerability (CVE-2014-6271, CVE-2014-7169)
The “Shellshock” or “Bashdoor” vulnerability is a critical remote code execution vulnerability.