Yaron Zinar
NTLM Keeps Haunting Microsoft
Two severe Windows NT LAN Manager (NTLM) vulnerabilities were recently disclosed: PetitPotam and AD-CS relay (specifically ESC8). These vulnerabilities follow a pattern of NTLM issues in recent years.[…]
How to Easily Bypass EPA to Compromise Any Web Server that Supports Windows Integrated Authentication
This blog was originally published on June 11, 2019. Researchers from Preempt (now CrowdStrike) have discovered how to bypass the Enhanced Protection for Authentication (EPA) mechanism to successfull[…]
Critical Vulnerabilities in NTLM Allow Remote Code Execution and Cloud Resources Compromise
This blog was originally published on June 11, 2019. On June 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1040 and CVE-2019-1019, two vulnerabilities discovered by Preempt (now CrowdStr[…]
Moving beyond Indicators of Compromise (IOCs)
This blog was originally published on March 13, 2018. On March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt (now CrowdStrike) researchers. The vul[…]
CVE-2014-1761 - The Alley of Compromise
This blog was originally published on July 14, 2020. On July 14, 2020 Patch Tuesday, Microsoft released a patch for CVE-2020-1267, an important vulnerability in the Active Directory (AD) identity stor[…]
Mattress Retailer Puts Log Management Issues to Bed with Humio: Modern Log Management Solution Improves DevOps Observability
This blog was originally published on May 15, 2020. Maze ransomware is a malware targeting organizations worldwide across many industries. It is believed that Maze operates via an affiliated network w[…]