tag:blogger.com,1999:blog-343942367941320523.post4458009875503159926..comments2023-11-17T01:45:51.339+02:00Comments on Alexander Korznikov. A bit of security.: RCE by abusing NAC to gain Domain Persistence.nopernikhttp://www.blogger.com/profile/11549169563852115328noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-343942367941320523.post-36831667952167050922017-05-16T15:28:43.586+03:002017-05-16T15:28:43.586+03:00Not all NAC systems using agents,
and not all nac ...Not all NAC systems using agents,<br />and not all nac systems use only MAC address to authenticate, some of them use 4 more parameters.<br />so this article is not that correct,<br />think twice before posting.<br /><br />Thank you,<br />NAC expert.Unknownhttps://www.blogger.com/profile/10785981104819775039noreply@blogger.comtag:blogger.com,1999:blog-343942367941320523.post-62163194686680539542016-09-30T22:50:45.477+03:002016-09-30T22:50:45.477+03:00I know you linked to the article about NAC bypass ...I know you linked to the article about NAC bypass could you make a blogpost with the techniques and steps to pull it off and same for 802.1x?Anonymoushttps://www.blogger.com/profile/00283662931880188821noreply@blogger.comtag:blogger.com,1999:blog-343942367941320523.post-78493221570676067152016-07-15T04:14:03.504+03:002016-07-15T04:14:03.504+03:00Indeed.. But in my humble experience, people in la...Indeed.. But in my humble experience, people in large organizations in Israel are too lazy to implement 802.1x or ipsec. By the way, if you owned a workstation with NAC agent installed (sure, with dot1x), you're still have the ability to perform SMBRelay while NAC will examine your host again. Right?nopernikhttps://www.blogger.com/profile/11549169563852115328noreply@blogger.comtag:blogger.com,1999:blog-343942367941320523.post-87579239044173671542016-07-13T23:58:15.476+03:002016-07-13T23:58:15.476+03:00In your article you only talk about very bad NAC i...In your article you only talk about very bad NAC implementation. In 2016 when implementing NAC I would demand the use of 802.1X and certificates.schniggiehttp://schnigg.ienoreply@blogger.comtag:blogger.com,1999:blog-343942367941320523.post-14754042283764159972016-07-13T16:51:18.893+03:002016-07-13T16:51:18.893+03:00Nice finding!
Looks similar to a tick with Kaspers...Nice finding!<br />Looks similar to a tick with Kaspersky https://erpscan.com/press-center/blog/smbrelay-bible-4-smbrelay-with-no-action-or-attacking-security-software-kaspersky-avsymantec-dlp-gfi-languard-0-days/<br /><br />There is only one thing: you can relay to servers too. SMB singing is not required by default (except DC)<br /><br /><br />Aleksei Tiurinhttps://www.blogger.com/profile/12130898511014099572noreply@blogger.com