Recently, Microsoft released a patch that fixes a critical vulnerability in the Windows crypto library. Continue reading “CVE-2020-0601: a critical Windows vulnerability discovered by…NSA!”
Security researcher Omer Tsarfati from CyberArk has discovered a vulnerability in Microsoft’s OAuth implementation that may allow an attacker to create authentication tokens with the victim’s permissions.
This could let a malicious attacker access and control a victim’s account and take actions on their behalf.
On October 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1166 and CVE-2019-1338, two serious vulnerabilities that may lead to a full Active Directory domain compromise. Continue reading “Two NTLM vulnerabilities may allow full AD domain compromise”
During a penetration test, once you get local access to a target, you should start a local assessment of the machine in order to plan the correct tactics for privilege escalation and lateral movement. Continue reading “Windows information gathering using Powershell: a brief cheatsheet”
During a forensic investigation, Windows Event Logs are the primary source of evidence.
Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of event IDs is mandatory.