This bi-weekly dispatch is brought to you by the team at Black Harbor. Every other week we share three things: one offensive technique, one defensive technique, and one random snippet of something that piqued our interest.

Offense – CVE-2020-1350 – SIGRED: Windows Server DNS Bug

We would be remiss not to mention this one, as it carries a CVSS score of 10.0. Affecting Windows Server 2003-2019, this is a wormable vulnerability that grants domain administrator rights. Details on the vulnerability can be found here.

What's most interesting about this for us is how quick people are to download PoCs and execute them without reading any source code. One Twitter user, ZepherFish, included a canary token and some other shenanigans in his “PoC”. He shared some of his results.

TL;DR – Check your source code.

Defense – RPC Telemetry – Detection Engineering

If you have ever wondered how Windows service creation, Inter-Process Communication and Remote Procedure Calls work, then this is the post for you. It is a wonderful breakdown of how you can use abstraction models to engineer technical detections, and it gives both theoretical and technical detail.

RPC Telemetry

Snippet

There are a lot of great thoughts coming out of Naval Ravikant’s Twitter. Here’s one that struck a chord today.

If you find value in this newsletter, please consider sharing it with your friends and colleagues. Sign up at https://newsletter.blackharbor.io/

View our past dispatches at https://blackharbor.io/category/dispatch/