Articles by @lowercase_drm

Post-Exploiting an F5 Big-IP: root, and now what?

Published on Wed 29 May 2024 by @lowercase_drm, myst404 (@myst404_)

This article describes multiple post-exploitation techniques specific to F5 BIG-IP. It covers capabilities such as intercepting/decrypting TLS traffic or decrypting secrets in the Secure Vault. Detection methods are provided for Blue Teams.


LDAP authentication in Active Directory environments

Published on Tue 31 October 2023 by @lowercase_drm

Understanding the different types of LDAP authentication methods is fundamental to grasping subjects such as relay attacks or countermeasures. This post introduces them through the lens of Python libraries.


Bypassing LDAP Channel Binding with StartTLS

Published on Thu 28 April 2022 by @lowercase_drm

While doing research on LDAP client certificate authentication, we realized that the LDAP implementation of Active Directory supports the StartTLS mechanism, which has interesting implications for relay attacks.