Daily Archives: May 23, 2022

Evading FireEye EX Email Filtering with the Dirty Screen Attack

BlogBy Trainer May 23, 2022 Leave a comment

Timeline Reported to FireEye on May 7th FireEye confirmed receipt of the vulnerability disclosure and stated that it was already a known issue being prioritized for a future release FireEye EX releases update to remediate this issue on August 13th Inspect What You Expect Organizations spend heavily on security tool suites designed to detect, block,…

Using CA Process Automation to Get Command Execution as SYSTEM

BlogBy Trainer May 23, 2022 Leave a comment

On internal penetration tests, it is common to get a foothold using man-in-the-middle techniques such as Link-Local Multicast Name Resolution (LLMNR) or WPAD. On a recent engagement, we encountered an added challenge because NetBios over TCP was disabled and WPAD was configured correctly. At this point, it is typical to begin hunting for systems with…