
Breaking Down AD CS Vulnerabilities

In the world of cybersecurity, new vulnerabilities are discovered at such a rate that it is difficult to keep up. Some set off alarm bells in your security tooling immediately, while others are far more nuanced yet pose an equally serious threat. Today we want to discuss one of the nuanced ones, because it is likely lurking in your environment waiting to be exploited: Active Directory Certificate Services (AD CS) vulnerabilities, most of which are misconfigurations rather than software bugs.

Security researchers have recently implemented checks for these attack vectors, specifically designed to identify hidden AD CS threats so that they can be mitigated. But first, let's explore why AD CS vulnerabilities are so dangerous and how they work.

What is Active Directory Certificate Services:-

Active Directory Certificate Services ("AD CS"), as defined by Microsoft, is "a Windows Server role for issuing and managing public key infrastructure (PKI) certificates used in secure communication and authentication protocols." Some common features and services that rely on AD CS are:

  • The Windows Logon Process
  • Enterprise VPN and Wireless Networks
  • Email Encryption and Digital Signatures
  • Smart Card Authentication

As companies continue to add technologies to their organizations, AD CS will become more common and more necessary, especially as they move services into the cloud. Many AWS, Azure and GCP services support or require certificate-based authentication to function, so AD CS is expected to become an increasingly prominent and required service in modern multi-cloud networks.

Hidden hazards:-

As with all powerful tools, there is a responsibility to maintain them properly, because without the proper safeguards they are easily misused. This is indeed the case with AD CS. Since AD CS is a core component of the modern Windows and Active Directory authentication and authorization framework, any vulnerability in it puts the whole environment at risk. As we saw 6-7 years ago with Kerberos, and continue to see today, once key authentication infrastructure is compromised it can be abused to great lengths. The same is true of AD CS, if not to a greater extent.

AD CS Attack Basics:-

AD CS attacks rely on the fact that the domain trusts certificates issued by its Certificate Authority ("CA") as much as it trusts its Kerberos key distribution centers and other identity servers: an Enterprise CA's certificate is published to the domain's NTAuthCertificates store, and domain controllers accept any client certificate that chains to it for Kerberos (PKINIT) and Schannel (LDAPS) logon. Think of the CA server as a gatekeeper. Just as a gatekeeper controls access to a secure area, the CA controls the issuance and validation of certificates, ensuring that only trusted entities can gain access.

AD CS attacks leverage this trust to obtain a certificate that stands in for a password or Kerberos key: whoever holds a certificate that names a principal can authenticate as that principal for as long as the certificate is valid. There are four major classes of AD CS vulnerabilities, following the naming introduced in SpecterOps' "Certified Pre-Owned" research:

  • ESC – Escalation. Misconfigurations in certificate templates, enrollment rights or the CA itself that let a low-privileged user obtain a certificate for a higher-privileged principal. Attackers can abuse these to convert their access from a low-privileged user to domain administrator with little to no effort; the classic case (ESC1) is a template that lets the enrollee supply their own subject name while also permitting client authentication.
  • THEFT – Present when there are insufficient security controls on client endpoints, so that already-issued certificates and their private keys can be exported or stolen from user and machine certificate stores, resulting in either privilege escalation or persistence in the environment.
  • PERSIST – As the name states, the attacker abuses their access to a certificate in order to keep access to the environment without needing a password. A certificate obtained for a user or machine stays valid for its full lifetime and survives password resets, so it must be revoked (or the account's key material rotated) before the attacker is actually cut off.
  • CVE – Separate from the first three classes, these attacks abuse known vulnerabilities within AD CS itself that have CVEs assigned and patches available.

Critically, while Microsoft does track and release patches for the AD CS vulnerabilities that have been assigned CVEs, the majority of AD CS weaknesses are configuration problems, and Microsoft puts the onus of fixing and securing them on the customer. That is why they are found in so many environments: there is no patch to install, only template, enrollment and CA settings to audit.
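The ESC class and the "no patch, only configuration" point above are easiest to see against concrete template attributes. The following Python is an added example (not code from this article or from any of the tools it links to): it checks certificate templates for the classic ESC1 combination using the real AD CS LDAP attribute names, flag bits and EKU OIDs, then applies the two template-setting fixes an administrator would make. The three templates, their enrollment principals, and the `Template` class and `esc1_findings`, `remediate` and `scan` functions are all constructed here for illustration; in a real audit the attributes are read from LDAP under CN=Certificate Templates,CN=Public Key Services,CN=Services in the Configuration naming context.

```python
"""Offline ESC1 check over AD CS certificate-template attributes.

Added example, not code from the article. Attribute names, flag bits and EKU
OIDs are the real AD CS values; the template records below are constructed
for illustration and do not come from any real domain.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Set

# msPKI-Certificate-Name-Flag bit: the requester supplies the subject / SAN.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
# msPKI-Enrollment-Flag bit: every request is pended for CA manager approval.
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002

# pKIExtendedKeyUsage OIDs that let a certificate log a principal on to AD.
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "2.5.29.37.0",             # Any Purpose
}

# Principals assumed to be under a low-privileged attacker's control.
LOW_PRIV_PRINCIPALS = {"Domain Users", "Domain Computers",
                       "Authenticated Users", "Everyone"}


@dataclass
class Template:
    """The subset of template attributes that decides ESC1 (constructed model)."""
    name: str
    name_flag: int               # msPKI-Certificate-Name-Flag
    enrollment_flag: int         # msPKI-Enrollment-Flag
    ra_signatures: int           # msPKI-RA-Signature (authorized signatures required)
    ekus: List[str]              # pKIExtendedKeyUsage; empty list = no EKU restriction
    enroll_principals: Set[str]  # principals granted the Enroll right
    published: bool = True       # listed in some CA's certificateTemplates attribute


def allows_authentication(ekus: List[str]) -> bool:
    """A template with no EKU at all is unrestricted, so it also enables logon."""
    return not ekus or bool(AUTH_EKUS.intersection(ekus))


def esc1_findings(t: Template) -> List[str]:
    """Return every ESC1 condition `t` satisfies, or [] unless all of them hold.

    ESC1 needs the whole set at once: one missing condition (manager approval,
    a required signature, no authentication EKU, ...) breaks the attack path.
    """
    conditions = {
        "published on an enterprise CA": t.published,
        "enrollee supplies subject": bool(t.name_flag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT),
        "no manager approval": not (t.enrollment_flag & CT_FLAG_PEND_ALL_REQUESTS),
        "no authorized signatures": t.ra_signatures == 0,
        "authentication-capable EKU": allows_authentication(t.ekus),
        "low-privileged enroll right": bool(LOW_PRIV_PRINCIPALS & t.enroll_principals),
    }
    return list(conditions) if all(conditions.values()) else []


def remediate(t: Template) -> Template:
    """The customer-side fix: stop trusting the requester for the subject and
    require CA manager approval. Both are template settings, not a patch."""
    return replace(
        t,
        name_flag=t.name_flag & ~CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT,
        enrollment_flag=t.enrollment_flag | CT_FLAG_PEND_ALL_REQUESTS,
    )


def scan(templates: List[Template]) -> Dict[str, List[str]]:
    """Map each ESC1-vulnerable template name to the conditions it satisfies."""
    return {t.name: f for t in templates if (f := esc1_findings(t))}


# Constructed sample templates (not real data).
TEMPLATES = [
    # Copy of the Web Server template that someone "fixed" so any domain user
    # can enroll and pick their own subject: textbook ESC1.
    Template("CustomWebServer", name_flag=0x1, enrollment_flag=0x0, ra_signatures=0,
             ekus=["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"],
             enroll_principals={"Domain Users"}),
    # Stock-style User template: the CA builds the subject from AD, so the
    # requester cannot name someone else even though the EKU allows logon.
    Template("User", name_flag=0x0, enrollment_flag=0x0, ra_signatures=0,
             ekus=["1.3.6.1.5.5.7.3.2", "1.3.6.1.4.1.311.20.2.2"],
             enroll_principals={"Domain Users"}),
    # Same dangerous name flag, but every request waits for CA manager approval.
    Template("ApprovedSAN", name_flag=0x1, enrollment_flag=0x2, ra_signatures=0,
             ekus=["1.3.6.1.5.5.7.3.2"],
             enroll_principals={"Domain Users"}),
]

if __name__ == "__main__":
    for name, why in scan(TEMPLATES).items():
        print(f"[ESC1] {name}: " + ", ".join(why))
    print("after remediation:", esc1_findings(remediate(TEMPLATES[0])) or "not vulnerable")
```

Only CustomWebServer is flagged: User lacks the enrollee-supplies-subject bit and ApprovedSAN requires manager approval, which is exactly why a single control such as PEND_ALL_REQUESTS or a required authorized signature is enough to close ESC1 on an otherwise risky template.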

Refer to the links for further information:-

https://thehackernews.com/2024/08/breaking-down-ad-cs-vulnerabilities.html

https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation
