When you install a major Linux distribution, the installer typically makes it easy to select full-disk encryption, giving you encrypted block devices. This is great! The not-so-great part is that the Linux kernel and the initial ramdisk are usually not invited to the party: they are left sitting in a separate, unencrypted /boot partition. Historically, /boot had to stay unencrypted because bootloaders could not decrypt block devices themselves.
Back in March 2018, I embarked on an arguably pointless crusade to prove that the TrustedToAuthForDelegation attribute was meaningless, and that "protocol transition" can be achieved without it. I believed that, security-wise, once constrained delegation was enabled (msDS-AllowedToDelegateTo was not null), it did not matter whether it was configured to use "Kerberos only" or "any authentication protocol". I started the journey with Benjamin Delpy's (@gentilkiwi) help, modifying Kekeo to support a certain attack that involved invoking S4U2Proxy with a silver ticket without a PAC, and we had partial success, but the final TGS turned out to be unusable. Ever since then, I kept coming back to it, trying to solve the problem with different approaches, but did not have much success. Until I finally accepted defeat, and ironically then the solution came up, along with several other interesting abuse cases and new attack techniques.
The Pass-the-Hash technique is used extremely often for lateral movement, an essential component of an attack. We detail how this technique works, what it makes possible, and what its limits are.
In this article we present the principle and inner workings of NTLM authentication, as well as NTLM relay attacks.
The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography.
Learn the basics of delegation, how to remove delegated permissions, and how to use the built-in tools to find which permissions have been delegated.
One way to improve your security posture is to identify servers that have unconstrained delegation enabled. To learn more, read the Semperis blog.
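The following is an added example, not code from the Semperis post or from the Kekeo write-up above. It enumerates the delegation settings those two entries discuss: computers with unconstrained delegation (the TRUSTED_FOR_DELEGATION bit of userAccountControl), and accounts with constrained delegation (a non-empty msDS-AllowedToDelegateTo), reporting whether protocol transition (TRUSTED_TO_AUTH_FOR_DELEGATION, "any authentication protocol") is also set. It assumes the ActiveDirectory RSAT module is installed and that the caller can read the domain; the bit values are the documented userAccountControl flags.

```powershell
# Added example: enumerate Kerberos delegation settings in the current domain.
# Assumes the ActiveDirectory module (RSAT) is available and the caller has read access.
Import-Module ActiveDirectory

# userAccountControl flag values (documented UAC bits).
$TRUSTED_FOR_DELEGATION         = 0x80000     # unconstrained delegation
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000   # protocol transition ("any authentication protocol")

$props = 'userAccountControl', 'msDS-AllowedToDelegateTo', 'primaryGroupID', 'servicePrincipalName'

# Unconstrained delegation. Domain controllers carry this flag by default, so skip
# them (primaryGroupID 516 = Domain Controllers) to surface only the real findings.
$unconstrained = Get-ADComputer `
    -LDAPFilter "(userAccountControl:1.2.840.113556.1.4.803:=$TRUSTED_FOR_DELEGATION)" `
    -Properties $props |
    Where-Object { $_.primaryGroupID -ne 516 } |
    Select-Object Name, DNSHostName, @{ n = 'Type'; e = { 'Unconstrained' } }

# Constrained delegation: any object (user or computer) whose msDS-AllowedToDelegateTo
# is non-empty. Also report whether protocol transition is enabled, which lets the
# account obtain a service ticket for any user via S4U2Self without that user's credentials.
$constrained = Get-ADObject -LDAPFilter "(msDS-AllowedToDelegateTo=*)" -Properties $props |
    Select-Object Name,
        @{ n = 'Type';               e = { 'Constrained' } },
        @{ n = 'ProtocolTransition'; e = { ($_.userAccountControl -band $TRUSTED_TO_AUTH_FOR_DELEGATION) -ne 0 } },
        @{ n = 'Targets';            e = { $_.'msDS-AllowedToDelegateTo' -join '; ' } }

"Computers with unconstrained delegation (excluding domain controllers):"
$unconstrained | Format-Table -AutoSize

"Accounts with constrained delegation:"
$constrained | Format-Table -AutoSize
```

Treat every non-DC host in the first list as a candidate for removal of the flag or for isolation, since any user that authenticates to it leaves a reusable TGT in its memory. For the second list, review the rows where ProtocolTransition is True first; the write-up quoted above argues that even the "Kerberos only" rows deserve scrutiny.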
This Ansible collection provides battle-tested hardening for Linux, SSH, nginx, MySQL - dev-sec/ansible-collection-hardening
NBT-NS and LLMNR protocols? Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are two components present in Microsoft environments. LLMNR was introduced in Windows Vista and is the successor to NBT-NS. These components help identify hosts on the same subnet when the central DNS services fail. Thus, if a machine attempts to
Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers received only limited attention from the research community. In this paper we define and quantify for the first time the threats that related-domain attackers pose to web application security. In particular, we first clarify the capabilities that related-domain attackers can acquire through different attack vectors, showing that different instances of the related-domain attacker concept are worth attention. We then study how these capabilities can be abused to compromise web application security by focusing on different angles, including cookies, CSP, CORS, postMessage, and domain relaxation. By building on this framework, we report on a large-scale security measurement on the top 50k domains from the Tranco list that led to the discovery of vulnerabilities in 887 sites, where we quantified the threats posed by related-domain attackers to popular web applications.
How long does it take to steal your Bitlocker keys? Try 43 seconds, using less than $10 in hardware. Encrypting your hard drive is good security. If you're running Windows, the most popular system is ...
Vulnerabilities are usually introduced unintentionally, but they are rooted in the design of the software. Here are some tips for hardening your code.
DOM-based XSS is a particularly little-known class of web vulnerability. We cover the principles and exploitation of DOM XSS, along with security best practices.
FIDO consists of three protocols for strong web application authentication: Universal 2nd Factor (U2F), Universal Authentication Framework (UAF), and WebAuthn (FIDO2).
This article provides general guidance for securing SQL Server running in an Azure virtual machine.