Article: Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover

A security research firm, SpecterOps, recently published an article on taking over user and computer objects in Active Directory by abusing object permissions. The technique, which the authors named Shadow Credentials, needs only write access to the target's msDS-KeyCredentialLink attribute: an attacker with that right appends their own public key to the attribute and can then authenticate as the target with PKINIT (certificate-based Kerberos pre-authentication), obtaining a TGT and even the account's NT hash, all without changing the account's password or otherwise disturbing it. Whether a principal holds that write access is decided by the object's discretionary access control list (DACL), the list of access control entries that grant or deny specific rights on a securable object, which is why the attack sits alongside the other DACL-based AD attacks such as password resets and resource-based constrained delegation. The prerequisites are a domain controller running Windows Server 2016 or later and a DC certificate usable for PKINIT, which most domains with AD CS already have. If you are defending, audit who can write msDS-KeyCredentialLink on your high-value objects and alert on changes to it.
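Detection is the practitioner's side of this: every write to msDS-KeyCredentialLink shows up as Windows Security event 5136 (Directory Service Changes) once the "Audit Directory Service Changes" subcategory is enabled and the objects carry a SACL for attribute writes. The following Python is an added example, not code from the SpecterOps article or from any tool, that decodes the attribute value as it appears in such events and flags additions made by principals that are not on an allowlist. The field names are those of event 5136; the sample events, the domain corp.local, the accounts jdoe and svc_whfb and the allowlist are all constructed for the example.

```python
"""Flag suspicious writes to msDS-KeyCredentialLink using Windows Security
event 5136 (Directory Service Changes) records.

Added illustration, not code from the SpecterOps article or any project.
Assumes the events have already been parsed (from the XML or a SIEM) into
dicts keyed by the 5136 field names; the allowlist of legitimate writers
(such as a Windows Hello for Business enrolment service) is yours to define.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

# OperationType codes used in event 5136 (Microsoft resource-string IDs).
VALUE_ADDED = "%%14674"
VALUE_DELETED = "%%14675"

# KEYCREDENTIALLINK_ENTRY identifiers (MS-ADTS 2.2.20.6).
ENTRY_NAMES = {
    0x01: "KeyID", 0x02: "KeyHash", 0x03: "KeyMaterial", 0x04: "KeyUsage",
    0x05: "KeySource", 0x06: "DeviceId", 0x07: "CustomKeyInformation",
    0x08: "KeyApproximateLastLogonTimeStamp", 0x09: "KeyCreationTime",
}


def parse_key_credential_link(value: str) -> dict:
    """Decode one msDS-KeyCredentialLink value as shown in AttributeValue.

    The attribute uses the DN-With-Binary syntax "B:<hex char count>:<hex>:<DN>".
    The binary part is a KEYCREDENTIALLINK_BLOB: 4-byte version 0x200, then
    entries of (length uint16 LE, identifier uint8, data[length]).
    """
    tag, count, hexdata, owner_dn = value.split(":", 3)
    if tag != "B" or int(count) != len(hexdata):
        raise ValueError("malformed DN-With-Binary value")
    blob = bytes.fromhex(hexdata)
    (version,) = struct.unpack_from("<I", blob, 0)
    if version != 0x200:
        raise ValueError(f"unexpected KEYCREDENTIALLINK_BLOB version {version:#x}")
    entries, pos = {}, 4
    while pos + 3 <= len(blob):
        length, ident = struct.unpack_from("<HB", blob, pos)
        data = blob[pos + 3 : pos + 3 + length]
        if len(data) != length:
            raise ValueError("truncated KEYCREDENTIALLINK_ENTRY")
        entries[ENTRY_NAMES.get(ident, f"0x{ident:02x}")] = data.hex()
        pos += 3 + length
    return {"owner_dn": owner_dn, "entries": entries}


@dataclass
class Finding:
    subject: str      # account that performed the write
    target_dn: str    # object whose key credentials were modified
    key_id: str       # SHA-256 thumbprint of the added public key (hex)
    key_usage: str    # "01" = NGC, i.e. a PKINIT-capable key


def flag_shadow_credential_writes(events, allowed_subjects=frozenset()) -> list[Finding]:
    """Return one Finding per value added to msDS-KeyCredentialLink by a
    principal that is not on the allowlist. Deletions are skipped here but
    deserve their own alert: an attacker cleans up with the same right."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 5136:
            continue
        if ev.get("AttributeLDAPDisplayName") != "msDS-KeyCredentialLink":
            continue
        if ev.get("OperationType") != VALUE_ADDED:
            continue
        if ev["SubjectUserName"] in allowed_subjects:
            continue
        entries = parse_key_credential_link(ev["AttributeValue"])["entries"]
        findings.append(Finding(ev["SubjectUserName"], ev["ObjectDN"],
                                entries.get("KeyID", ""), entries.get("KeyUsage", "")))
    return findings


def _constructed_value(owner_dn: str, key_id: bytes, device_id: bytes) -> str:
    """Build a syntactically valid attribute value for the sample events below
    (constructed test data, not a blob captured from a real domain)."""
    blob = struct.pack("<I", 0x200)
    for ident, data in ((0x01, key_id), (0x04, b"\x01"), (0x05, b"\x00"), (0x06, device_id)):
        blob += struct.pack("<HB", len(data), ident) + data
    return f"B:{len(blob.hex())}:{blob.hex()}:{owner_dn}"


FS01_DN = "CN=FS01,OU=Servers,DC=corp,DC=local"
ALICE_DN = "CN=alice,OU=Users,DC=corp,DC=local"
SAMPLE_EVENTS = [  # constructed sample records, not real log data
    {"EventID": 5136, "SubjectUserName": "jdoe", "ObjectDN": FS01_DN,
     "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": VALUE_ADDED,
     "AttributeValue": _constructed_value(FS01_DN, bytes(range(32)), b"\x11" * 16)},
    {"EventID": 5136, "SubjectUserName": "svc_whfb", "ObjectDN": ALICE_DN,
     "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": VALUE_ADDED,
     "AttributeValue": _constructed_value(ALICE_DN, b"\x22" * 32, b"\x33" * 16)},
    {"EventID": 5136, "SubjectUserName": "jdoe", "ObjectDN": FS01_DN,
     "AttributeLDAPDisplayName": "description", "OperationType": VALUE_ADDED,
     "AttributeValue": "file server"},
]

if __name__ == "__main__":
    for f in flag_shadow_credential_writes(SAMPLE_EVENTS, allowed_subjects={"svc_whfb"}):
        print(f"ALERT: {f.subject} added key {f.key_id[:16]}... (usage {f.key_usage}) to {f.target_dn}")
```

Run as-is it prints one alert, for jdoe's write to the FS01 computer object; the svc_whfb write is allowlisted and the description change is a different attribute. In a real deployment the allowlist should be short and reviewed, because any account that can legitimately add keys can also add an attacker's.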


A tool to help identify hash types

Have you ever obtained password hashes and not known which hashing algorithm produced them? There is now an open-source tool to help security professionals identify them, called "Name That Hash". It recognises over 300 hash formats and reports the matching hashcat and John the Ripper modes. Keep in mind that identifying a bare digest is a heuristic based on length and character set: a 32-character hex string could equally be MD5, NTLM, MD4 or LM, so the tool ranks its candidates by likelihood, and you should confirm the guess against a known plaintext before committing GPU time to a large list.


CVE-2021-3560: A Newly Discovered LPE that has been in Linux for 7 Years

GitHub's Security Lab recently published its findings on a vulnerability that has been present for at least seven years in polkit, the authorization service that most Linux distributions use to decide whether an unprivileged process may perform a privileged action. It is a local privilege escalation, and it may be the first of a new class of bugs in D-Bus services that mishandle a client which disconnects before its request has been fully processed: from an ordinary user shell an attacker can get polkit to authorize a privileged action, such as creating a new administrative user, as if root had requested it. Affected distributions include Ubuntu 20.04, Debian "Bullseye", RHEL 8 and Fedora 21 and later; the fix is in polkit 0.119 and in the vendors' backported updates. Check your polkit version with pkaction --version and apply the distribution patch, since older version strings can still carry the backported fix.


Introducing FLoC: A new cookie-less tracking technology coming to Chrome

It looks like our big-brother friends at Google are rolling out a new tracking technology. Beginning with Chrome version 89, Google added Federated Learning of Cohorts ("FLoC"): when it is enabled, the browser computes a cohort ID from the user's recent browsing history and exposes that ID to any page that asks for it through the document.interestCohort() JavaScript API. The ID is not unique to one person (each cohort is meant to contain thousands of users), but it is derived from your history and is available to sites regardless of whether cookies are disabled or an ad-blocking plug-in is installed, so your browsing interests can still be profiled and tied to your Chrome installation. Google is currently beta-testing it in 0.5% of browser installs in select regions, including the US. Site operators who do not want their pages to feed the cohort calculation can opt out by sending the response header Permissions-Policy: interest-cohort=().

If you don’t want the virtual white van following you around the Internet, I’d recommend moving to an alternate browser such as Firefox or the new Edge from Microsoft, which is based on Chromium, the same as Google Chrome.


New Vulnerability: Microsoft Internet Information Services (CVE-2021-31166)

Researchers at TrendMicro recently reported a bug (CVE-2021-31166) in Microsoft Internet Information Services (IIS). The flaw is actually in HTTP.sys, the kernel-mode HTTP protocol stack that IIS is built on, and Microsoft's advisory lists Windows 10 and Windows Server versions 2004 and 20H2 as affected. Microsoft has already issued patches, and you should apply them anywhere HTTP.sys is listening: the bug is triggered by an unauthenticated request carrying a malformed header, and Microsoft rates it wormable. Because HTTP.sys is shared, the exposure is not limited to web servers; any service that registers a URL with it, such as WinRM or WSDAPI, is reachable by the same packets. On Windows, netsh http show servicestate lists every registered listener, which tells you what is exposed even on a box that does not run IIS.


Ransomware attacks cripple a major US pipeline

I’m sure most of you have heard about the ransomware attack that shut down Colonial Pipeline, a major US fossil fuel pipeline that carries about 45% of the fuel used on the US east coast, which is causing gas prices to spike. The malware is suspected to be of Russian origin, but the attack is not believed to be state-sponsored and appears to be purely financially motivated.

The hacker group calling itself “DarkSide” claimed responsibility for the attack, but surprisingly also issued an apology. They apologized for taking down a public utility and said they will vet their targets in the future to ensure that they don’t affect critical infrastructure in future campaigns.

Gee thanks guys.


Tool Release: SSHPry v2.0

Blackhat Ethical Hacking released an update to their open-source tool SSHPry. SSHPry is a tool that allows users to “Spy & Control on SSH Connected client’s TTY”. This version adds several features:

    1. Control of target’s TTY
    2. Built-In Keylogger
    3. Console-Level phishing
    4. Record & Replay previous sessions