๐บ๐ฆ ๐บ๐ฆ ๐บ๐ฆ elkement's Science/Art/Engineering blog. #StandWithUkraine ๐บ๐ฆ ๐บ๐ฆ ๐บ๐ฆ
In May, Microsoft has fixed a bug that allowed normal users to impersonate Domain Controllers. This bug allowed non-privileged users to obtain a logon certificate issued to a domain controller, because users can write to the Active Directory attribute dnsHostNameof a computer they have joined to the domain. If a machine can enroll for a … Continue reading Defused That SAN Flag!
I am writing about that PKI stuff again. I am running out of ideas for catchy introductions. So, here is a new post with old code! In Active Directory a UPN is mapped to a user automatically if it matches a user's LDAP attribute userPrincipalName (and a DNS SAN is mapped to dnsHostName).ย A Windows … Continue reading How to Add a Subject Alternative Name Safely
I am back to my favorite security research: How to abuse certificates in a Windows / Active Directory environment! If an Active Directory integrated certification authority sign a certificate with a custom Subject Alternative Name of your choosing, you can impersonate any administrator in an AD forest. I've published two blog posts about how to … Continue reading Rogue Certificate Challenge: No Hardware Tokens, No Linux, Just a Web Server with Certificate Mapping.
Some public key infrastructures run quietly in the background since years. They are half forgotten until the life of a signed file has come to an end - but then everything is on fire. In contrast to other seemingly important deadlines (Management needs this until XY or the world will come to an end!) this … Continue reading Certificates and PKI. The Prequel.
Recently I read a lot about reverse engineering -ย in relation to malware research. I for one simply wanted to get ancient and hardly documented HVAC engineering software to work. The software in question should have shown a photo of the front panel of a device - knobs and displays - augmented with current system's … Continue reading Reverse Engineering Fun
elkemental Force 