Defused That SAN Flag!

In May, Microsoft fixed a bug that allowed normal users to impersonate Domain Controllers. This bug allowed non-privileged users to obtain a logon certificate issued to a domain controller, because users can write to the Active Directory attribute dnsHostName of a computer they have joined to the domain. If a machine can enroll for a … Continue reading Defused That SAN Flag!

How to Add a Subject Alternative Name Safely

I am writing about that PKI stuff again. I am running out of ideas for catchy introductions. So, here is a new post with old code! In Active Directory a UPN is mapped to a user automatically if it matches a user's LDAP attribute userPrincipalName (and a DNS SAN is mapped to dnsHostName). A Windows … Continue reading How to Add a Subject Alternative Name Safely

Rogue Certificate Challenge: No Hardware Tokens, No Linux, Just a Web Server with Certificate Mapping.

I am back to my favorite security research: How to abuse certificates in a Windows / Active Directory environment! If an Active Directory integrated certification authority signs a certificate with a custom Subject Alternative Name of your choosing, you can impersonate any administrator in an AD forest. I've published two blog posts about how to … Continue reading Rogue Certificate Challenge: No Hardware Tokens, No Linux, Just a Web Server with Certificate Mapping.

Certificates and PKI. The Prequel.

Some public key infrastructures have been running quietly in the background for years. They are half forgotten until the life of a signed file has come to an end - but then everything is on fire. In contrast to other seemingly important deadlines (Management needs this until XY or the world will come to an end!) this … Continue reading Certificates and PKI. The Prequel.

Reverse Engineering Fun

Recently I read a lot about reverse engineering - in relation to malware research. I for one simply wanted to get ancient and hardly documented HVAC engineering software to work. The software in question should have shown a photo of the front panel of a device - knobs and displays - augmented with current system's … Continue reading Reverse Engineering Fun