Showing Posts From
December 2014
-
Ben Campbell 
Jon Cave - 16 Dec 2014
Digging into MS14-068, Exploitation and Defence
MS14-068 is a critical Windows vulnerability in Kerberos authentication that allows any authenticated domain user to forge a Privilege Attribute Certificate (PAC) and escalate privileges to domain administrator. The vulnerability enables an attacker to manipulate PAC signatures and bypass authentication controls on domain controllers running Windows 2008 and earlier. Exploitation requires only a standard domain user account and can be performed using tools like PyKEK and Impacket.
- Nils
- 10 Dec 2014
Faster fuzzing with Python
This article explores performance optimization techniques for executing external processes in Python. By investigating process spawning methods like subprocess, fork, and posix_spawn, the performance of small binary executions was analyzed. The investigation revealed that using posix_spawn with vfork can significantly improve execution speed compared to traditional subprocess methods.