Detecting and Hunting for the PetitPotam NTLM Relay Attack

Overview

During the week of July 19th, 2021, information security researchers published a proof of concept tool named “PetitPotam” that exploits a flaw in Microsoft Windows Active Directory Certificate Servers with an NTLM relay attack. The flaw allows an attacker to gain administrative privileges of an Active Directory Certificate Server once on the network with …

Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments

by George Osterweil

Winstrument is a modular framework built on top of Frida designed to help testers reverse engineer Windows applications and assess their attack surface.

Motivation

Winstrument is built on top of Frida, a powerful dynamic instrumentation framework which aids reverse engineering and debugging by injecting into a process a JavaScript runtime with an …

Jailbreak, updated and open-sourced

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity.

Jailbreak, updated and open-sourced
19 Jan 2015 - Jason Copenhaver

Jailbreak allows a user to export certificates from Microsoft certificate stores even if the certificate has been marked as non-exportable; this can be useful …