
Jake Karnes
21 posts

Jake Karnes
@jakekarnes42
Sr. Technical Architect / Penetration Tester for @NetSPI. All tweets/etc. are my own.








Here's another serious vulnerability to add onto the list of recent Azure issues. This is our write up (and a thread) on CVE-2021-42306 (CredManifest), which addresses the cleartext storage of App Registration credentials in AAD SP manifests. netspi.com/blog/technical… (1/5)




Trimarc Founder Sean Metcalf (@PyroTek3) shares his insight on the Kerberos Bronze Bit Attack (CVE-2020-17049), how it works, how to fix it, and how this could be leveraged to potentially compromise Active Directory. Read his post: hub.trimarcsecurity.com/post/leveragin…



3/5 It's reported by author @jakekarnes42 to be exploited in the wild #vuln-details" target="_blank" rel="nofollow noopener">attackerkb.com/topics/dx20vE1…





Some "reading-between-the-lines" in @FireEye blog on #fireeye attackers MOs I believe it included some #microsoft #0day, hence explicit mention of "Microsoft" and "Novel Techniques" Additionally today is patch Tuesday. Coincidence? I think not. fireeye.com/blog/products-…














