I wrote a new blog post, dissecting the Linux BPFDoor malware solely with strace (and a bit of ltrace). 🤓
Notices by Stephan Berger (malmoeb@infosec.exchange)
Stephan Berger (malmoeb@infosec.exchange)'s status on Friday, 02-Feb-2024 18:45:31 JST
Stephan Berger (malmoeb@infosec.exchange)'s status on Friday, 19-Jan-2024 19:35:00 JST

I posted recently about how an attacker used a misconfiguration in ADCS (Active Directory Certificate Services) to gain Domain Admin rights within the network.
@JimSycurity made me aware of Locksmith [1]: A small tool built to detect and fix common misconfigurations in Active Directory Certificate Services.
Locksmith will find common issues and attack paths, and for many of them, give you cmdlets you can run to resolve the issues yourself, or you can allow Locksmith to make fixes for you.
@NaderZaveri from Mandiant informed me of the "Modern Attack Paths, Mitigations, and Hardening" guide [2], detailing the various attack paths against ADCS and how to mitigate them.
So folks, check out Locksmith and the guide from Mandiant to secure your ADCS environment. Good luck ☘️
[1] https://github.com/TrimarcJake/Locksmith
[2] https://services.google.com/fh/files/misc/active-directory-certificate-services-hardening-wp-en.pdf