-
Files that Coerce: Search Connectors and Beyond
Inspired by a webcast on NTLM coercion from Black Hills Information Security, I went down the rabbit hole of file-based forced authentication. After reviewing basically every blog post, piece of Microsoft documentation, and existing tool I could find I performed testing in my home lab and created my own tool, LinkSiren, to simplify and improve…
-
DNS Hijacking: Say My Name
The Domain Name System (DNS) is responsible for converting human-readable names into machine-readable Internet Protocol (IP) addresses. In Windows environments where names are intimately tied to identities and authentication, creating and taking over existing DNS records can be a lucrative endeavor that enables coercion and potential relay of NTLM and Kerberos authentication. TL;DR – This…