BlackDirect: a vulnerability in Microsoft OAuth 2.0 may allow attackers to take over Microsoft and Azure accounts

Security researcher Omer Tsarfati from CyberArk has discovered [1] a vulnerability in Microsoft’s OAuth implementation that may allow an attacker to create authentication tokens with the victim’s permissions.
This could let an attacker access and control a victim’s account and take actions on their behalf.

Two NTLM vulnerabilities may allow full AD domain compromise

On the October 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1166 and CVE-2019-1338, two serious vulnerabilities that may lead to a full Active Directory domain compromise.

Windows information gathering using PowerShell: a brief cheatsheet

During a penetration test, once you get local access to a target, you should start a local assessment of the machine in order to plan a correct tactic for privilege escalation and lateral movement.

Windows Security Event Logs: my own cheatsheet

During a forensic investigation, Windows Event Logs are the primary source of evidence.
Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of event IDs is mandatory.