1 Vulnerability Overview Recently, the NSFOCUS M01N team released the Analysis of Privilege Escalation Attacks by Exploiting Resource-based Constrained Delegation, in which they describe the principle of attacks launched by exploiting the resource-based constrained delegation, so as to escalate privileges of domain hosts. For details, click the following link: http://blog.nsfocus.net/analysis-attacks-entitlement-resource-constrained-delegation/...
Categoria: Blog
Windows Domain Machines Local Privilege Escalation Attack Threat Alert
Overview A security researcher from Shenanigans Labs disclosed a method of attacking the Active Directory by abusing resource-based constrained delegation. This would impose a serious threat to domain environments as an attacker could make a common domain user access services on local computers as a domain administrator, thus escalating local...
IP Reputation Report-03152019
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 15, 2019. (mais…)
Daily Communication——Business Chat Groups
Case Analysis Chat groups convenience communication, but contain great risks, which include ill-disposed persons impersonating the company's employees, information disclosure as a result of chat group hacking, and resigned employees lurking in the group for malicious purposes. (mais…)
Chrome and Windows 7 32-Bit Vulnerabilities Threat Alert
Overview On March 7 (local time), Google released a security advisory to announce the existence of a Microsoft Windows vulnerability. According to Google, this local privilege escalation vulnerability could be exploited together with the vulnerability (CVE-2019-5786) in Google Chrome announced last week, to take control of the machine of the...
Technical Report on Container Security (V)-1
Security Tools—Open-Source Security Tool Kubernetes In addition to commercial software, open-source software projects can also provide some security functions. This document describes several open-source projects that are usually used for protection of non-critical business. (mais…)
