Cybersecurity

Zerologon Vulnerability

In September 2020, Secura published an article disclosing a vulnerability in the Netlogon Remote Protocol of Windows Server (all known versions). This vulnerability is known as CVE-2020-1472 or, more commonly, Zerologon.

Zerologon poses a major threat to organizations as it targets the Domain Controller (DC). Attackers target domain controllers in order to gain access to the domain admin account and ultimately to control the hosts and servers connected to the data center. This enables threat actors to gain access to the entire compromised environment.

The attack exploits flaws in the authentication protocol that validates the authenticity and identity of a domain-joined computer to the Domain Controller. Due to the incorrect use of an AES mode of operation, it is possible to spoof the identity of any computer account (including that of the DC itself) and set an empty password for that account in the domain.

The exploitation consists of sending a large number of authentication requests to a Domain Controller via Netlogon. Each contains a client request with only zeros for the credentials, and results in a successful logon when a good key is chosen randomly by the server. A good key is chosen on average 1 in 256 times.
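Why an all-zero credential is accepted about 1 in 256 times, as an added example that is not from this page or from Secura's article: Netlogon computed the credential with AES-CFB8 under a fixed all-zero IV, and the sketch compares that with a per-session random IV. A keyed BLAKE2b hash stands in for the AES block function (an assumption, so it runs with the standard library only); the function names, derived keys and trial count are constructed for illustration.

```python
import hashlib

BLOCK = 16                      # AES block size in bytes
ZERO_IV = bytes(BLOCK)          # the fixed all-zero IV Netlogon used
ZERO_MSG = bytes(8)             # 8-byte challenge and credential, all zeros


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES (assumption): keyed BLAKE2b truncated to one block.
    CFB8 only ever uses the forward direction, so a keyed PRF models it."""
    return hashlib.blake2b(block, key=key, digest_size=BLOCK).digest()


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """8-bit cipher feedback: one block-cipher call per plaintext byte."""
    state, out = bytearray(iv), bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, bytes(state))[0]
        out.append(c)
        state = state[1:] + bytes([c])   # shift the ciphertext byte in
    return bytes(out)


def zero_credential_accepted(key: bytes, iv: bytes) -> bool:
    """True when the server-side credential for an all-zero challenge
    is itself all zeros, i.e. an all-zero client credential matches."""
    return cfb8_encrypt(key, iv, ZERO_MSG) == ZERO_MSG


def derive(label: bytes, i: int) -> bytes:
    """Constructed, reproducible 'random' 16-byte value for trial i."""
    return hashlib.sha256(label + i.to_bytes(4, "big")).digest()[:BLOCK]


def acceptance_count(trials: int, random_iv: bool) -> int:
    """Count accepted all-zero credentials over `trials` session keys."""
    hits = 0
    for i in range(trials):
        key = derive(b"session-key", i)   # a fresh session key per attempt
        iv = derive(b"iv", i) if random_iv else ZERO_IV
        hits += zero_credential_accepted(key, iv)
    return hits


if __name__ == "__main__":
    n = 20000
    print("fixed zero IV:", acceptance_count(n, False), "of", n)
    print("random IV:    ", acceptance_count(n, True), "of", n)
```

With the zero IV, acceptance depends only on whether the first byte of the encrypted zero block is 0, which is where the 1 in 256 comes from; with an unpredictable IV all eight output bytes must independently be 0.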

The exploit then uses the newly acquired connection to reset the password to a blank value and perform privilege escalation to Domain Admin.

You can find more information about the Zerologon vulnerability here, and watch a webinar here.



----

Prepared by: CREAplus IT security Team 
