Hacks Weekly #58 The Biggest PKI Misconfigurations

Поделиться
HTML-код
  • Опубликовано: 24 дек 2024

Комментарии • 3

  • @EmilGitman
    @EmilGitman 3 месяца назад

    Thanks for sharing. Step n#1: protect your endpoints and, block any variations of mimikatz, disable debug privileges ...

  • @jerryxie777
    @jerryxie777 3 месяца назад

    If you don't know the password for the certification in example 1. Is the Bug still there???😮

    • @CQUREAcademy
      @CQUREAcademy  2 месяца назад +1

      Hi, that's a great question! In all of these examples, we assume that the user has permission to request the certificate. If the user is not able to do so, then it is not possible to abuse CA in this way.