Skip to end of metadata
Go to start of metadata

Vulnerability analysis at the CERT Coordination Center® (CERT/CC) consists of a variety of efforts, with primary focus on coordinating vulnerability disclosure and developing vulnerability discovery tools and techniques. Publicly available resources include:

Recent Blog Posts

Overview Dirk-jan Mollema published a blog post that shows how an attacker on the same (V)LAN as a machine connected to an active directory where an AD CS server is present can obtain a kerberos ticket to impersonate a domain admin on the victim system: https://dirkjanm.io/relaying-kerberos-over-dns-with-krbrelayx-and-mitm6/ https://dirkjanm.io/relaying-kerberos-over-dns-with-krbrelayx-and-mitm6/ Using the steps outlined, an attacker can execute code with SYSTEM privileges on the victim system.…
Overview This post will explain how to find privilege escalation vuls on Windows that no one appears to be looking for, because it's been pretty easy to find a bunch of them. After explaining how to find them, I'll introduce some defenses that can partly mitigate the problem in different ways. But what I'd like to see change is for developers to start looking for these vuls in the way I describe so that they stop introducing them in the first place.…


Recently Updated

  • No labels