In this second super short post, I want to explore an unusual Group Policy Object (GPO) configuration I recently encountered. The GPO in question used a File Preference policy to copy a custom HOST…| Decoder's Blog
Recently, there's been some good research into further exploiting DCOM authentication that I initially reported to Microsoft almost 10 years ago. By inducing authentication through DCOM it can be relayed to a network service, such as Active Directory Certificate Services (ADCS) to elevated privileges and in some cases get domain administrator access.| Tyranid's Lair
NTLM relay is a technique of standing between a client and a server to perform actions on the server while impersonating the client. Protections such as SMB signing or MIC allow to limit the actions of an attacker. This article goes into detail about this technique to understand how it works and what are its limits.| hackndo