Just got off phone with a client. Log4j is in their network. Vendor claims patch will be available next release... which is multiple months from now.
Here's what you do if you're in this situation.
1. Keep calm. There's no need to panic.
2. Carefully read this thread.
1/?
The strangest thing about InfoSec is companies being obsessed with SSL/TLS issues often times worrying about impractical theoretic attacks on websites that host static content with no logins/sensitive data vs doing something like disabling macros.
I don't think InfoSec Managers or HR realize how rapidly salaries are changing right now.
A friend of mine took a new job <1 year ago for 25% more pay, and just got a new offer for >75% more pay than that. Same specialty. No relocation.
Initial recon steps from Conti CS manual. Literally the first commands in the manual. This should bring comfort to any org that has prioritized pentesting/detection engineering to any degree.
Here is a first draft on an NTLM relay mindmap 🙂 from authentication coercion to post-relay exploitation. I'll gladly update/correct it if you think there are things wrong or missing.
➡️Featured on The Hacker Recipes https://t.co/0y4cOkMcTb
I'm releasing my tool to exploit AD CS relaying. It will automate most the steps required for both local and domain privilege escalation. The images below show how it can be used to get a beacon as system on a domain controller.
I've spoken to 2,000+ companies over the last 12 months about their plans for remote work going forward
Here are a few things I've learned
[ a thread ] 💻🏠🌍