[Dailydave] The next age of strategic surprise
Dominique Brezinski
dominique.brezinski at gmail.com
Tue May 3 10:11:31 EDT 2016
Actually, the core vulnerability was disclosed in 1996, and I spoke about
it at Black Hat in 1997:
http://www.blackhat.com/html/bh-usa-97/speakers.html
There have been a bunch of derivations of it as Microsoft and Samba changed
the protocols and implementations slightly. The core vulnerability has a
bunch of variations including reflection, active MITM, credential relaying,
etc. The variations have caused further confusion over the years, in some
cases causing several people to think they discovered something new. See
https://www.veracode.com/blog/2008/11/credit-for-researchers
On Mon, May 2, 2016 at 9:19 AM, Andre Gironda <andreg at gmail.com> wrote:
> On Mon, May 2, 2016 at 8:36 AM, dave aitel <dave at immunityinc.com> wrote:
> > To sum up a few things: Those of you who engaged in laughing at how lame
> > Badlock was were all wrong
>
> Andre Gironda, April 13 at 2:47pm ·
>
> This banter about BadLock is another great reason to hate the infosec
> community.
>
> The vulnerabilities around BadLock have been known since as early as
> 2007. Dino Dai Zovi had a whole slide deck describing the attacks way
> back in the day. Microsoft and SMB environments are not protected
> because of the basics --
>
> https://digital-forensics.sans.org/blog/2012/09/18/protecting-privileged-domain-accounts-network-authentication-in-depth
>
> The original partial fix is well-documented as MS08-068, which every
> security professional should already know because SMB Relay is the
> centerpoint of lateral movement. We have no idea why Microsoft lagged
> behind on making this a bigger deal since that time. It is a big deal.
> Nearly every position on nearly every Enterprise network provides this
> attack as a pivot.
>
> dre
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20160503/e1243fc8/attachment.html>
More information about the Dailydave
mailing list