Bypass NTLM Message Integrity Check – Drop the MIC
In An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and […]
In An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and […]
| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native […]
Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are […]
| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]
| Alyssa Snow Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise Active Directory environment, such as paths of escalation from low privileged accounts to […]
| Alyssa Snow Active Directory Certificate Services (ADCS)1 is used for public key infrastructure in an Active Directory environment. ADCS is widely used in enterprise Active Directory environments for managing […]
Hayden Covington // Phishing is an ever-present threat, but lately, user education and spam filters have helped mitigate some of that threat. But what happens when a phish makes it […]
Patterson Cake // PART 1 PART 2 In part one of “Wrangling the M365 UAL,” we talked about acquiring, parsing, and querying UAL data using PowerShell and SOF-ELK. In part […]
Patterson Cake // When it comes to M365 audit and investigation, the “Unified Audit Log” (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend […]