Yaron Zinar
NTLM Keeps Haunting Microsoft
Two severe Windows NT LAN Manager (NTLM) vulnerabilities were recently disclosed: PetitPotam and AD-CS relay (specifically ESC8). These vulnerabilities follow a pattern of NTLM issues in recent years.[…]
How to Easily Bypass EPA to Compromise Any Web Server that Supports Windows Integrated Authentication
This blog was originally published on June 11, 2019. Researchers from Preempt (now CrowdStrike) have discovered how to bypass the Enhanced Protection for Authentication (EPA) mechanism to successfull[…]
Critical Vulnerabilities in NTLM Allow Remote Code Execution and Cloud Resources Compromise
This blog was originally published on June 11, 2019. On June 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1040 and CVE-2019-1019, two vulnerabilities discovered by Preempt (now CrowdStr[…]
Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP
This blog was originally published on March 13, 2018. On March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt (now CrowdStrike) researchers. The vul[…]
Integer Overflow in Active Directory (CVE-2020-1267)
This blog was originally published on July 14, 2020. On July 14, 2020 Patch Tuesday, Microsoft released a patch for CVE-2020-1267, an important vulnerability in the Active Directory (AD) identity stor[…]
Maze Ransomware Analysis and Protection
This blog was originally published on May 15, 2020. Maze ransomware is a malware targeting organizations worldwide across many industries. It is believed that Maze operates via an affiliated network w[…]