New blog section: SMBRelay Bible
Tweet This is the first part of our encyclopedia of pass the hash / smbrealy attacks (SMBRelay Bible). The goal of this encyclopedia is to collect all possibilities of obtaining NTLM authentication...
View ArticleSMBRelay bible 1: Attacking Enterprise business (ERP)
Tweet Why are these attacks so critical for business applications and ERP systems? The well known PassTheHash vulnerabilities can be used for gaining a shell or password hashes. It is known that...
View ArticleSMBRelay bible 2. SMBRelay by MS SQL server
Tweet Today we will talk about practical implementation of SMBRelay attack through one of the famous software which very often becomes a part of ERP systems. This is MS SQL server. The last version is...
View ArticleSMBRelay bible 3. SMBRelay by Oracle
Tweet Like in the previous post, we'll talk about methods which need only non-privileged rights. Because we have too many ways for SMB Relay for privileged accounts, much depends from current...
View ArticleSMBRelay Bible 4: SMBrelay with no action or attacking security software (...
Tweet When we talk about SMB Relay attacks we describe some actions from attacker which make Incoming NTLM authentication process from server "A" possible and then relay it to server "B". Finally...
View ArticleSMBRelay Bible 5: SMBRelay attacks on corporate users
Tweet Today we will talk about client-side attacks. An attack of a network is a progressive action. Usually, we escalate our rights step-by-step from nothing to a domain administrator. Even casual...
View ArticleSMBRelay Bible 6: SMBRelay attacks on corporate users part 2
Tweet Let's continue our talk about variants of client-side attacks and turn our attention to MS Office's documents.As it was written in last blog post, we can create crafted Office's document and...
View ArticleSMBRelay Bible 7: SSRF + Java + Windows = Love
Tweet SSRF attack is becoming famous and gets a lot of attention this year. Our company has performed some research in this area, and we got some interesting results, some interesting nuances which...
View Article
More Pages to Explore .....