by edward | Nov 22, 2023 | Exchange 2016, Active Directory, BurpSuite, Exchange 2013, Exchange 2019, Kali Linux
We all know that end users hate complex passwords and having to change passwords often leads them to use the same password but add a number or character at the end of it. Password complexity is just one of the problems. The next problem is information disclosure such...
by edward | Jul 22, 2023 | Active Directory, ESET File Security, Mimikatz, Tehtris EDR
I was testing the Invoke-Mimikatz script on my Windows 2016 Server and while it is straight forward to bypass Windows Defender, I thought of taking the challenge and seeing if I can bypass ESET on the same server. If you try and copy the file from a zip file for...
by edward | Dec 21, 2020 | Exchange 2010, Active Directory, Exchange 2013, Exchange 2016, Exchange 2019
A few months ago a zerologon exploit was released and this exploit was able to do damage to an Active Directory environment. Microsoft released a patch in the next set of updates and in a 2x part video, we show you how an unpatched system is compromised vs a patched...
by edward | Oct 14, 2020 | Exchange 2010, Active Directory, Exchange 2013, Exchange 2016, Exchange 2019
Weak passwords is a common mistake with many email users or even admins that manage domains. I recently had the opportunity to demo the zerologon exploit and how it breaks your domain controllers in your environment. This means that Exchange will be broken as well. I...
