Yaron Zinar
Research Lead . Tweets are my own
108 Tweets | 145 Following | 272 Followers
Tweets
Yaron Zinar Oct 15
This client should work. We will probably soon release sample code.
Yaron Zinar retweeted
Dirk-jan Oct 14
[Blog] Office 365 was vulnerable to network attacks due to a vulnerability in Microsoft Teams. Here's a demo of an attacker obtaining access to all emails and OneDrive/SharePoint files if the victim joins an attacker controlled network. Details:
Yaron Zinar Oct 10
What NTLM client are you testing it with? The behavior is client dependent...
Yaron Zinar Oct 8
Replying to @YuvalRonSec
Great work!
Yaron Zinar Oct 8
Replying to @_dirkjan
not sure if you've noticed this. You'll definitely like it... 😉
Yaron Zinar Oct 8
Two new vulnerabilities in NTLM. 1. Allowing attacker to drop the MIC (again!) and relay SMB session credentials. 2. Relaying sessions with LMv2 responses. If exploited, these can lead to account/domain compromise.
Yaron Zinar retweeted
Alberto Solino Oct 7
Just merged PR into master. Nice feature, thanks a lot Rich!
Yaron Zinar retweeted
Alberto Solino Sep 25
Just tagged a new stable impacket (0.9.20) version. Python 3.x support added (tested in 3.6). More info & download: and
Yaron Zinar retweeted
Marina Simakov Sep 12
After issuing an advisory to turn on LDAP signing & channel binding, is changing the default configuration (starting January 2020) to enable those settings. Really excited about this change! Especially after our latest NTLM Relay talks
Yaron Zinar retweeted
Dirk-jan Sep 11
Seems Microsoft is finally taking a stance against NTLM relaying to LDAP, by enforcing LDAP signing and channel binding by default starting January 2020. This is a big and important change to improve AD security, especially from a network point of view!
Yaron Zinar retweeted
Andrew Robbins Aug 30
Did you know: 1. Computer objects in AD can be added to the local admins group on other computers. 2. NT AUTHORITY\SYSTEM authenticates to other systems as the AD computer principal 3. Privileged computer accounts are VERY common, and typically overlooked. basics
Yaron Zinar retweeted
Lee Christensen Aug 30
Note that remote code execution is possible when SMB signing is disabled. Ex: Exchange Servers(ES) are often admins on each other. Attacker coerces one ES to auth to the attacker(e.g. w/SpoolSample) and the attacker NTLM relays to the other ES. I've exploited this more than once.
Yaron Zinar retweeted
Andrew Robbins Aug 22
Muscular Dystrophy killed my mother, her brother, and her father. Now it's killing my sister. Here's my ask: if you have benefited from , don't buy me a beer. Instead, donate whatever amount you can to MDA using this link:
Yaron Zinar retweeted
Marina Simakov Aug 25
If you weren’t in Vegas for and , and I will be presenting the results of our NTLM research in a webinar this Tuesday, everyone is welcome, Q&A at the end included 🙂
Yaron Zinar Aug 21
great to see is taking action to reduce attack surface by advising customers to enable LDAP relay mitigations. We talked about these issues at our and talks.
Yaron Zinar retweeted
Preempt Aug 16
Miss the talks our researchers and gave last week at and on vulnerabilities? Register for our next free , Aug. 27: "How We Bypassed All NTLM Relay Mitigations & How To Ensure You’re Protected"
Yaron Zinar Aug 13
Replying to @__h4zy @simakov_marina
Thanks! Glad you enjoyed our talk :)
Yaron Zinar retweeted
Marina Simakov Aug 12
Our updated slides from can be found at: . Check them out to see how we bypassed all NTLM relay mitigations 🙃. Also - we will be publishing details about "Drop The MIC 2" tomorrow!
Yaron Zinar Aug 9
AFAIK, talks eventually become public...
Yaron Zinar Aug 9
5/5 to sum up, you gave us a lot to think about. Once we're back home we'll sort out all of it and work with if we detect any additional issues. Thanks !