Two vulnerabilities in hosted Microsoft Exchange servers (CVE-2022-41040, CVE-2022-41082) have been identified as currently being exploited in organization environments. The vulnerabilities exist only in hosted (on-premises) Exchange servers, and Microsoft reports that Microsoft Exchange Online has protections in place. Many clients have migrated their user base to Exchange Online or Microsoft Office365, but there may still be Exchange servers operating in the environment, used for mail relays and other IT functions.
Fortalice Solutions is proud to announce it has signed on as Champion for Cybersecurity Awareness Month 2022. At Fortalice Solutions, we believe preparation is the best strategy to protect organizations from cyber threats and crime. We transform a reactive security model into a proactive, results-based model of protection. Fortalice Solutions, led by the first woman to serve as White House Chief Information Officer, Theresa Payton, is comprised of passionate practitioners who provide organizations with clarity of priority, approach, and security design.
Fortalice Solutions CEO and Founder, Theresa Payton, has announced the promotion of Bridget O’Connor and Melissa O’Leary to the position of Partner of Fortalice Solutions.
Back in when I was getting started as a junior pentester, I vividly remember reading @byt3bl33d3r's 2017 post: Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes). I still recommend checking this out if you haven't already - it will cover the basics of NTLM relaying and background on some of the confusing pieces ([Net]NTLMv1/2 anyone?) that there's no need for me to repeat here. There's also a plethora of other great NTLM relay blogs and resources that I'll try to link to throughout this post, while I attempt to touch on the ever-growing library of NTLM relay uses after 2021 introduced several new relay vectors.
The notification provided to Mimecast from Microsoft indicated that several certificates issued by Mimecast had been compromised by a sophisticated threat actor.
Fortalice CEO & Founder Theresa Payton discusses the Fortalice difference and her new book, Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth.