Offensive Twitter
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://t.iss.one/OffensiveTwitter/546
Forwarded from APT
🔑 Abuse Kerberos RC4 (CVE-2022-33679)

This blog post goes into detail on how the Windows Kerberos Elevation of Privilege vulnerability works and how to force Kerberos to downgrade the encoding from the default AES encryption to the historical MD4-RC4. The vulnerability could allow an attacker to obtain an authenticated session on behalf of the victim and also lead to arbitrary code execution.

Research:
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html

Exploit:
https://github.com/Bdenneu/CVE-2022-33679

#ad #kerberos #rc4 #exploit