Yaron Zinar

@YaronZi

Research Lead . Tweets are my own

preempt.com/blog/author/ya…
Vrijeme pridruživanja: svibanj 2013.
2 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @YaronZi

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @YaronZi

  1. Prikvačeni tweet
    17. stu 2019.

    The talk I gave with on relay is now available online! If you haven't seen it live and you're interested in security you should definitely check it out!

    15 proslijeđenih tweetova 28 korisnika označava da im se sviđa
    Poništi
  2. proslijedio/la je Tweet
    2. velj

    This is how we start the week! What about you? BsidesTLV 2020 CFP is open Submit and share.

    30 proslijeđenih tweetova 41 korisnik označava da mu se sviđa
    Poništi
  3. 20. pro 2019.

    I'm happy to share that the talk I've submitted with "Advanced Credential Relaying Techniques and How to Thwart Them" got accepted to . You don't want to miss this talk if you're interested with what is the latest in relay...

    1 reply 14 proslijeđenih tweetova 33 korisnika označavaju da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    10. pro 2019.

    We're seeking a Senior Software Backend Developer in our Ramat Gan office (Tel Aviv, Israel). Come join our team!

    1 proslijeđeni tweet 3 korisnika označavaju da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    14. stu 2019.

    You can use the free AD hygiene tool to analyze your network and discover all machines which don't enforce SMB signing. Enforcing SMB signing on DCs alone (which is the default config) is not enough.

    Yearly reminder that SMB signing is still one of the most critical and overlooked security controls in Active Directory networks. Enforce it everywhere possible and patch stuff immediately when I bypass for it comes out
    1 reply 14 proslijeđenih tweetova 22 korisnika označavaju da im se sviđa
    Poništi
  6. 12. stu 2019.

    was accurate: is a pig...

    1/ TLDR: is a pig. Outdated protocol with inherent insolvable problems. Due to backward compatibility Microsoft wasn't able to get rid of it. So they had to put on lipstick, makeup and mascara. But it is still a pig. Details of the attacks below (& I assume)
    Prikaži ovu nit
    6 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  7. 12. stu 2019.

    There seems to be yet another Relay issue with how NETLOGON messages are validated. (discovered by ) will allow(?) users to relay NTLM to DCs like with . Waiting for a blog with technical details

    10 proslijeđenih tweetova 42 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  8. 7. stu 2019.

    Even though more than two years had passed, this is still a relevant attack vector...

    New LDAP & RDP Relay Vulnerabilities in NTLM (2017)
    6 proslijeđenih tweetova 7 korisnika označava da im se sviđa
    Poništi
  9. proslijedio/la je Tweet
    14. lis 2019.

    [Blog] Office 365 was vulnerable to network attacks due to a vulnerability in Microsoft Teams. Here's a demo of an attacker obtaining access to all emails and OneDrive/SharePoint files if the victim joins an attacker controlled network. Details:

    13 replies 531 proslijeđeni tweet 903 korisnika označavaju da im se sviđa
    Poništi
  10. 8. lis 2019.

    not sure if you've noticed this. You'll definitely like it... 😉

    1 reply 3 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  11. 8. lis 2019.

    Two new vulnerabilities in NTLM. 1. Allowing attacker to drop the MIC (again!) and relay SMB session credentials. 2. Relaying sessions with LMv2 reaponses. If exploited, these can lead to account/domain compromise. .

    146 proslijeđenih tweetova 249 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  12. proslijedio/la je Tweet
    7. lis 2019.

    Just merged PR into master. Nice feature, thanks a lot Rich!

    Added support for SMB2 snapshot listing/browsing/downloading to impacket. Cool feature for dumping NTDS etc. over pure SMB
    1 reply 29 proslijeđenih tweetova 60 korisnika označava da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    25. ruj 2019.

    Just tagged a new stable impacket (0.9.20) version. Python 3.x support added (tested in 3.6). More info & download: and

    5 replies 83 proslijeđena tweeta 154 korisnika označavaju da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    12. ruj 2019.

    After issuing an advisory to turn on LDAP signing & channel binding, is changing the default configuration (starting January 2020) to enable those settings. Really excited about this change! Especially after our latest NTLM Relay talks

    16 proslijeđenih tweetova 37 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    11. ruj 2019.

    Seems Microsoft is finally taking a stance against NTLM relaying to LDAP, by enforcing LDAP signing and channel binding by default starting January 2020. This is a big and important change to improve AD security, especially from a network point of view!

    Microsoft strongly advises customers... always a warning, especially if it involves DCs and LDAP and MS announces upcoming changes
    5 replies 161 proslijeđeni tweet 347 korisnika označava da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    30. kol 2019.

    Did you know: 1. Computer objects in AD can be added to the local admins group on other computers. 2. NT AUTHORITY\SYSTEM authenticates to other systems as the AD computer principal 3. Privileged computer accounts are VERY common, and typically overlooked. basics

    7 replies 192 proslijeđena tweeta 539 korisnika označava da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    30. kol 2019.

    Note that remote code execution is possible when SMB signing is disabled. Ex: Exchange Servers(ES) are often admins on each other. Attacker coerces one ES to auth to the attacker(e.g. w/SpoolSample) and the attacker NTLM relays to the other ES. I've exploited this more than once.

    Did you know: 1. Computer objects in AD can be added to the local admins group on other computers. 2. NT AUTHORITY\SYSTEM authenticates to other systems as the AD computer principal 3. Privileged computer accounts are VERY common, and typically overlooked. basics
    65 proslijeđenih tweetova 188 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    22. kol 2019.

    Muscular Dystrophy killed my mother, her brother, and her father. Now it's killing my sister. Here's my ask: if you have benefited from , don't buy me a beer. Instead, donate whatever amount you can to MDA using this link:

    5 replies 233 proslijeđena tweeta 241 korisnik označava da mu se sviđa
    Poništi
  19. proslijedio/la je Tweet
    25. kol 2019.

    If you weren’t in Vegas for and , and I will be presenting the results of our NTLM research in a webinar this Tuesday, everyone is welcome, Q&A at the end included 🙂

    1 reply 5 proslijeđenih tweetova 18 korisnika označava da im se sviđa
    Poništi
  20. 21. kol 2019.

    great to see is taking action to reduce attack surface by advising customers to enable LDAP relay mitigations. We talked about these issues at our and talks.

    1 reply 39 proslijeđenih tweetova 68 korisnika označava da im se sviđa
    Poništi

@YaronZi još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·