Tag: accounts

MachineAccountQuota Transitive Quota: 110 Accounts and Beyond

Background If you aren’t familiar with MachineAccountQuota (MAQ), I recommend skimming my previous blog post on the subject. TLDR Active Directory (AD) tracks transitive accounts created through MAQ to limit the number of accounts that can be added from a single unprivileged source account. AD calculates the maximum using a formula of Q * (Q […]

Maintaining Azure Persistence via Automation Accounts

In every penetration test that involves Azure, we want to escalate our privileges up to a global administrator of the tenant. Once we’ve escalated our privileges in an Azure tenant, we want to have the ability to maintain our access to each subscription and the tenant as a whole. Aside from the benefits of controlling […]

Hacking 10,000 Accounts

I decided to find out who has been behind the double xp streams on Twitch. In the process of doing so I discovered an underground hacking community. One of them was up for an interview. I discovered he has been hacking RuneScape and CSGO accounts for years. Since 2015 he has stepped up his game. […]

Docker Hub Database Breached, As Many As 190,000 Accounts Affected

Docker, a company that created an open platform for building and running distributed applications, reported to users that its Docker Hub database had been breached, exposing sensitive data from approximately 190,000 accounts. While that figure makes up less than five percent of Hub users, the data included some usernames and hashed passwords as well as […]

Using Azure Automation Accounts to Access Key Vaults

This is the second post in a series of blogs that focuses around Azure Automation. Check out “Exporting Azure RunAs Certificates for Persistence” for more info on how authentication works for Automation Accounts. In this installment, we’re going to focus on making use of Automation Accounts to gain access to sensitive data stored in Key […]
« Previous PageNext Page »
Send us a WhatsApp!