funsec mailing list archives
Re: Fwd: Third-party application developers and the WMF flaw
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 17 Jan 2006 14:49:27 +0100
* Col:
I would have to say theres quite a few things MS know about and arent telling. I have had a consultant brag about being able to compromise our whole root AD domain using basic techniques and no tools. All he needed was phyisical or RDP access to a DC (in the child domain) using a non-privilaged account.
But this is rather well-documented AFAIK. In an AD tree, trust propagates both ways for some obscure technical reasons. (I'm not a Windows networking guy, don't ask me about details.) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Third-party application developers and the WMF flaw Richard M. Smith (Jan 16)
- Message not available
- Fwd: Third-party application developers and the WMF flaw Col (Jan 16)
- Re: Third-party application developers and the WMF flaw TheGesus (Jan 16)
- Re: Fwd: Third-party application developers and the WMF flaw Florian Weimer (Jan 17)
- Re: Fwd: Third-party application developers and the WMF flaw Col (Jan 18)
- Fwd: Third-party application developers and the WMF flaw Col (Jan 16)
- Message not available
- Re: Third-party application developers and the WMF flaw Gadi Evron (Jan 17)
- Infecting OEM Images Larry Seltzer (Jan 19)
- RE: Infecting OEM Images Richard M. Smith (Jan 19)
- Re: Infecting OEM Images Pierre Vandevenne (Jan 19)