TRAININGSERVICESEXPERTS BLOGLET'S TALK

Experts Blog

Advisory on the Apache Log4j Library Vulnerability
Advisory on the Apache Log4j Library Vulnerability
Blue Team

Shadow Credentials: Workstation Takeover Edition
Shadow Credentials: Workstation Takeover Edition
Matthew Creel

Active Directory Certificates and PKINIT are hot topics these days and our operators at Fortalice have been doing their best to stay on top of the new research and tools. My previous blog touched on PyWhisker and referenced one of its resources available on https://thehacker.recipes. While reading through the documentation there, a note near the bottom caught my eye, which stated: User objects can't edit their own msDS-KeyCredentialLink attribute while computer objects can.

Wire Fraud Alert: Business Email Compromise (BEC) on the Rise
Wire Fraud Alert: Business Email Compromise (BEC) on the Rise
Kyle Macken

PKINIT FTW - Chaining Shadow Credentials and ADCS Template Abuse
PKINIT FTW - Chaining Shadow Credentials and ADCS Template Abuse
Matthew Creel

On a recent red team engagement, our team was tasked with focusing on Active Directory Certificate Services (ADCS) exploitation. The objective was to identify certificate template misconfigurations and potentially achieve privilege escalation by abusing them. The concepts and attacks used were based around the work and whitepaper by Will Shroeder (@harmj0y) and Lee Christensen (@tifkin_).

MacOS password recovery on a disk with FileVault 2 encryption
MacOS password recovery on a disk with FileVault 2 encryption
Fortalice Solutions

Disinformation, Misinformation and Manipulation Campaigns: A How to Guide for Creating an Organizational Incident Response Playbook and Managing Reputational Risk
Disinformation, Misinformation and Manipulation Campaigns: A How to Guide for Creating an Organizational Incident Response Playbook and Managing Reputational Risk
TrackerPayton

Elevating with NTLMv1 and the Printer Bug
Elevating with NTLMv1 and the Printer Bug
Matthew Creel

Demystifying Penetration Testing Pricing
Demystifying Penetration Testing Pricing
Kyle Macken

A How to Guide for Creating an Organizational Incident Response Playbook and Managing Reputational Risk
A How to Guide for Creating an Organizational Incident Response Playbook and Managing Reputational Risk
TrackerPayton

Colonial Pipeline Ransomware Breach: How to Protect Your Assets
Colonial Pipeline Ransomware Breach: How to Protect Your Assets
TrackerPayton

Categories
Application Security
Press Release
Client Advisory
Defensive Perspectives
Offensive Perspectives
Executive Perspectives
Recent Posts
Predicting the Future of Cybersecurity
UnitedHealth Breach
Navigating SEC Cybersecurity Disclosures and Materiality