Dailydave mailing list archives
Re: The next age of strategic surprise
From: Dominique Brezinski <dominique.brezinski () gmail com>
Date: Tue, 3 May 2016 07:11:31 -0700
Actually, the core vulnerability was disclosed in 1996, and I spoke about it at Black Hat in 1997: http://www.blackhat.com/html/bh-usa-97/speakers.html There have been a bunch of derivations of it as Microsoft and Samba changed the protocols and implementations slightly. The core vulnerability has a bunch of variations including reflection, active MITM, credential relaying, etc. The variations have caused further confusion over the years, in some cases causing several people to think they discovered something new. See https://www.veracode.com/blog/2008/11/credit-for-researchers On Mon, May 2, 2016 at 9:19 AM, Andre Gironda <andreg () gmail com> wrote:
On Mon, May 2, 2016 at 8:36 AM, dave aitel <dave () immunityinc com> wrote:To sum up a few things: Those of you who engaged in laughing at how lame Badlock was were all wrongAndre Gironda, April 13 at 2:47pm ยท This banter about BadLock is another great reason to hate the infosec community. The vulnerabilities around BadLock have been known since as early as 2007. Dino Dai Zovi had a whole slide deck describing the attacks way back in the day. Microsoft and SMB environments are not protected because of the basics -- https://digital-forensics.sans.org/blog/2012/09/18/protecting-privileged-domain-accounts-network-authentication-in-depth The original partial fix is well-documented as MS08-068, which every security professional should already know because SMB Relay is the centerpoint of lateral movement. We have no idea why Microsoft lagged behind on making this a bigger deal since that time. It is a big deal. Nearly every position on nearly every Enterprise network provides this attack as a pivot. dre _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- The next age of strategic surprise dave aitel (May 02)
- Re: The next age of strategic surprise Andre Gironda (May 02)
- Re: The next age of strategic surprise Dominique Brezinski (May 06)
- Re: The next age of strategic surprise Kristian Erik Hermansen (May 09)
- Re: The next age of strategic surprise Dominique Brezinski (May 06)
- Re: The next age of strategic surprise Andre Gironda (May 02)