Pentester/recovering sysadmin Self-proclaimed Ethical Threat Active Directory Security Connoisseur Offensive stuff — securit360.com Host Cyber Threat POV — offsec.blog SWAG — swag.ethicalthreat.com 📩 By subscribing, you’ll get exclusive access to industry insights, actionable tips for securing your environments, behind-the-scenes content from my pentests, and updates from someone who keeps a pulse on the ever-changing cyber threat landscape.
🕵️♂️Ethical Threat Insights: Certificate Abuse Attacks
|
Attackers love certificates. They open doors most people forget to lock. Ethical Threat Insight: Certificate Abuse Attacks Think certificates only protect websites? Inside your network, they’re like digital ID cards for users, computers, web servers, and even domain controllers. But here’s the problem… A weak or misconfigured certificate can let attackers:
Simple tip: Start by auditing your AD Certificate Services (ADCS) using Locksmith. Look for...
Example: If you have a certificate template called ProdWebServers and Domain Users are able to modify the properties of that template, they can configure it such that they can impersonate ANY user in the domain. Or if you have a certificate template that’s configured to allow supplying an alternative SubjectAlternativeName (SAN) in the certificate request, that too can be abused to impersonate ANY user. Yes, even Domain Admins. ADCS is powerful… but dangerous when ignored. Want practical steps to harden AD?
P.S..... All the best
"Spirit of a hacker heart of a defender" |
Spencer Alessi
Pentester/recovering sysadmin Self-proclaimed Ethical Threat Active Directory Security Connoisseur Offensive stuff — securit360.com Host Cyber Threat POV — offsec.blog SWAG — swag.ethicalthreat.com 📩 By subscribing, you’ll get exclusive access to industry insights, actionable tips for securing your environments, behind-the-scenes content from my pentests, and updates from someone who keeps a pulse on the ever-changing cyber threat landscape.
Admin due diligence crushes clickgrab tricks. Ethical Threat Insight: How to Spot and Stop Clickgrab Attacks Clickgrab isn’t just about tricking users, it’s about tricking you, the admin. The ClickGrab technique is super tricky because of the fake-CAPTCHA pages. The technique is centered around hijacking your clipboard with malicious PowerShell commands and then tricking you into pasting the malicious commands into the run dialog. But there is hope! PasteEater is a super cool utility that...
More isn’t better. Better is better. Quantity fades. Quality lasts. Ethical Threat Insights: Deception, the best ROI in Security There is a misconception that more security alerts == safer environment. The reality is that’s not true. Better alerts == more actionable evidence means you’re responding to what matters most, not when your server goes haywire because of a benign scheduled task. Deception is the best ROI in security because: It’s inexpensive (especially compared to “traditional”...
🕵️♂️Ethical Threat Insights #7 | How to Identify Insecure Delegated Permissions in Active Directory
Hey there! Hope you had a great weekend. Let's get into it! 🩺Threat Pulse China’s Tacit Admission of Volt Typhoon Attacks At a December 2024 Geneva summit, China’s Ministry of Foreign Affairs cyber official Wang Lei made ambiguous remarks that U.S. delegates interpreted as a confession of Beijing’s role in the Volt Typhoon campaign—cyber intrusions on U.S. infrastructure tied to Washington’s support for Taiwan. Key Takeaways: The U.S. delegation saw Wang Lei’s comments as a warning: China is...