Month: <span>December 2020</span>

The Dangers of Endpoint Discovery in VIPRE Endpoint Security

This post documents a security mis-configuation I observed in VIPRE Endpoint Security with Endpoint Discovery.  A few years ago, I published a blog post titled The Dangers of Client Probing on Palo Alto Firewalls, which detailed how client probing feature on Palo Alto firewalls can leak service account password hashes.  This issue is very similar…


Dumping LAPS Passwords from Linux

Following my previous posts on Managing Active Directory groups from Linux and Alternative ways to Pass the Hash (PtH), I want to cover ways to perform certain attacks or post-exploitation actions from Linux.  I’ve found that there are two parallel ways to operate on an internal network, one being through a compromised (typically Windows) host,…


Alternative ways to Pass the Hash (PtH)

Do you remember the first time you passed the hash?  It probably went a little something like this:

If you are unfamiliar, that is the Metasploit PSexec module being used. Well, nowadays we don’t really do that anymore.  You probably pass the hash something like this:

That is CrackMapExec being used to pass…