Search results: DPAPI

EntropyCapture: Simple Extraction of DPAPI Optional Entropy

Intro: During a short application assessment, enumeration and decryption of a third-party application’s Windows Data Protection API (DPAPI) blobs using SharpDPAPI produced non-readable data because optional entropy was being used. This may be ...
Elevating Kerberos to the Next Level

LSA Whisperer

Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and to Sarah, Daniel, and Adam for proofreading and editing! Crossposted on GitHub. What follows is the culmination of ...

Another CVE (PAN-OS Zero-Day), Another Reason to Consider Zero Trust

A Year of Critical Zero Days: Firewalls, VPNs, and more. This past year has been, in many ways, the year of zero-day vulnerabilities for externally exposed assets — a trend that has ...
Misconfiguration Manager: Overlooked and Overprivileged

TL;DR: Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance. We’re also presenting this material at SO-CON 2024 on March 11, ...
SCCM Hierarchy Takeover with High Availability

TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hierarchy. I previously wrote about how targeting site systems hosting the SMS Provider role can be used to ...
Juliet C# Benchmark and the SecureString case

Juliet C# is a project from the National Institute of Standards and Technology of the USA. As a security benchmark project, we used Juliet C# 1.3 to test and improve our C# ...

Patch Tuesday Update – December 2023

The post Patch Tuesday Update - December 2023 appeared first on Digital Defense ...
#OBTS v5.0: "Lock Picking the macOS Keychain" - Cody Thomas

Abusing Slack for Offensive Operations: Part 2

Red Team, research
When I first started diving into offensive Slack access, one of the best public resources I found was a blog post by Cody Thomas from back in 2020 (which I highly recommend ...
Domain of Thrones: Part I

Written by Nico Shyne & Josh Prager. The Game of Domain Dominance: Just as in the political landscape of Westeros, defenders face a dynamic adversarial relationship…except instead of fighting rival families, defenders are locked into ...
Site Takeover via SCCM’s AdminService API

TL;DR: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site takeover. Prior Work and Credit: Before I get started, I’d like to acknowledge some of the work previously ...

Secure Guardrails