Latest News & Articles
Every October, the United States government, in collaboration with public and private sectors, observes Cybersecurity Awareness Month. This annual event,
Whether it’s safeguarding personal email accounts, sensitive financial information, or even critical business data, the significance of a robust password
CISA's Known Exploited Vulnerabilities Catalog
In November 2021 the Cybersecurity and Infrastructure Security Agency (CISA) started the Known Exploited Vulnerabilities (KEV) Catalog and Binding Operational Directive 22-01. The KEV catalog lists only vulnerabilities known to be actively exploited.
CVE-2017-0143 is a notorious Microsoft Windows SMBv1 remote code execution vulnerability. This vulnerability and the EternalBlue exploit led to the
Legacy Linux environments are open to various privilege escalation vulnerabilities. This post reviews three well-known vulnerabilities.
Active Directory Series
This post introduces Active Directory Certificate Services (AD CS) and topics like: public key infrastructure (PKI), the Kerberos pre-authentication protocol PKINIT, Certificate Signing Requests (CSR), and templates. This overview provides a baseline for learning AD CS penetration testing.
In July 2020 a critical privilege escalation vulnerability emerged that affected Active Directory environments: CVE-2020-1472. Nicknamed “ZeroLogon”, the vulnerability was