[Dailydave] The next age of strategic surprise
Andre Gironda
andreg at gmail.com
Mon May 2 12:19:03 EDT 2016
On Mon, May 2, 2016 at 8:36 AM, dave aitel <dave at immunityinc.com> wrote:
> To sum up a few things: Those of you who engaged in laughing at how lame
> Badlock was were all wrong
Andre Gironda, April 13 at 2:47pm ·
This banter about BadLock is another great reason to hate the infosec community.
The vulnerabilities around BadLock have been known since as early as
2007. Dino Dai Zovi had a whole slide deck describing the attacks way
back in the day. Microsoft and SMB environments are not protected
because of the basics --
https://digital-forensics.sans.org/blog/2012/09/18/protecting-privileged-domain-accounts-network-authentication-in-depth
The original partial fix is well-documented as MS08-068, which every
security professional should already know because SMB Relay is the
centerpoint of lateral movement. We have no idea why Microsoft lagged
behind on making this a bigger deal since that time. It is a big deal.
Nearly every position on nearly every Enterprise network provides this
attack as a pivot.
dre
More information about the Dailydave
mailing list