Marina Simakov

Find me on:

Recent Posts

Drop the MIC - CVE-2019-1040

Posted by Marina Simakov on Jun 11, 2019 9:52:17 AM

As announced in our recent security advisory, Preempt researchers discovered how to bypass the MIC (Message Integrity Code) protection on NTLM authentication and modify any field in the NTLM message flow, including the signing requirement. This bypass allows attackers to relay authentication attempts which have negotiated signing to another server while entirely removing the signing requirement. All servers which do not enforce signing are vulnerable.

Read More

Topics: NTLM, Security Advisory, Microsoft

Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication

Posted by Marina Simakov on Jun 11, 2019 9:51:51 AM

As announced in our recent security advisory, Preempt researchers discovered a critical vulnerability which allows attackers to retrieve the session key for any NTLM authentication and establish a signed session against any server. Any domain environment which does not entirely block NTLM traffic is vulnerable.

Read More

Topics: NTLM, Security Advisory, Microsoft

Is Your Organization at Risk Because a Local Administrator Has a Weak Password?

Posted by Marina Simakov on Dec 18, 2018 7:32:55 AM

In July, media reported that SingHealth, Singapore’s largest health organization, was breached with 1.5 million medical records stolen. The stolen records included those of Singapore’s prime minister Lee Hsien Loong. Consequently, a special inquiry had taken place, revealing that SingHealth had several security gaps and vulnerabilities which could have easily been exploited by attackers, including a local administrator account with a very weak password (P@ssw0rd). In fact, one of the ways which enabled the attackers to move laterally in the network was by using compromised Citrix local accounts.

Read More

Topics: Passwords, Stealthy Admin