Published on Wed 04 May 2022 by Yannick Méheut
A certificate obtained through Active Directory Certificate Services is usually used to get a TGT or recover the NT hash using PKINIT. But what can we do when it's not possible?
Published on Tue 04 January 2022 by Yannick Méheut
Yannick's write-up for the 2021 SANS Christmas Challenge.
Published on Mon 11 January 2021 by Yannick Méheut
Yannick's write-up for the 2020 SANS Christmas Challenge.
Published on Wed 01 July 2020 by Yannick Méheut
Due to overpermissive access rights on a logging folder, the DisplayLink USB Graphics software can be abused to perform privileged file operations, such as arbitrary file creation. This can be exploited, e.g. via DLL hijacking on the privileged DisplayLink process, to obtain SYSTEM privileges on the local machine.
Published on Tue 14 January 2020 by Yannick Méheut
Yannick's write-up for the 2019 SANS Christmas Challenge.
Published on Mon 14 January 2019 by Yannick Méheut
🎵 I'm dreaming of a pwned Christmaaaaas 🎵 As usual, here's my write-up for the 2018 SANS Christmas Challenge.
Published on Wed 10 January 2018 by Yannick Méheut
'Tis the season to be pwning, falalalala lalalala. Each year, the SANS team publishes a Christmas Challenge against which anyone can test their skills. This year was no exception, and here's our write-up for the 2017 SANS Christmas Challenge.