
Ori David
@oridavid123
Today I had the pleasure of presenting my research at #BHEU, and I am now very excited to share it with the rest of the world. TL;DR - unauthenticated attackers can spoof sensitive DNS records by abusing Microsoft DHCP. @akamai_research. 1/7
Turns out, sometimes it isn't DNS. It's DHCP 👀. See @oridavid123's research on how DHCP can be used to spoof DNS records - potentially leading to Active Directory compromise. Worst part? No credentials needed, just network access. Full write-up:
RT @akamai_research: This is a wild one. 🏜️. The Coyote malware is now abusing UI Automation (UIA) - marking the first known case of UIA ab….
9/ This is likely part of what CISA is seeing in the wild. Credential theft from compromised Fortinet gear, followed by lateral movement (likely into AD). This exact behavior was detailed by Mandiant in a report covering Ivanti VPN exploitation:
cloud.google.com
We have conducted multiple incident response engagements across a range of industry verticals and geographic regions.
RT @akamai_research: If you can't beat them, ban them 😏 . Malicious Cryptominers can be tough to dismantle - but we found a way. 👀 By explo….
RT @OutflankNL: Here's our new blog on hiding your implant in VTL1, where even an EDR's kernel sensor can't see it. 🧑‍🦯 Post includes full….
outflank.nl
Dig into secure enclave internals and learn about practical techniques used to exploit a read-write primitive in a vulnerable enclave DLL.
RT @YuG0rd: Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump….
RT @0xTriboulet: Microsoft, and other software vendors, have demonstrated time and again that security will always come second. I agree tha….
RT @YuG0rd: We've heard feedback suggesting we should have waited to release details about BadSuccessor until Microsoft issued a patch. We….
RT @akamai_research: Today we unveil BadSuccessor - a new no-fix Active Directory privilege escalation technique. We will explore the rece….
Amazing research by Yuval! A privilege escalation technique in Active Directory that allows weak users to compromise ANY user in the domain. Microsoft considers this issue to be a moderate severity vulnerability, and don't currently plan to fix it. We'll let you be the judge 🤷‍♂️.
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability. It allows compromising any user in AD, it works with the default config, and Microsoft currently won't fix it 🤷‍♂️. Read Here -