Hacker News: cybergreg

New comment by cybergreg in "Kerberoasting"

cybergreg — Wed, 10 Sep 2025 13:56:08 +0000

I realize I might have been late to the party. As other comments have said, its not as easy as blaming Microsoft, though this is a popular take.

New comment by cybergreg in "Kerberoasting"

cybergreg — Wed, 10 Sep 2025 13:54:02 +0000

Good overview of Kerberoasting, still a common attack chain. A couple things though: To obtain access to a service, you actually need to get a service ticket (TGS) from the KDC (Domain Controller) to authenticate to the service, not a TGT. The TGT is the first ticket acquired during authentication to the domain. In addition, the "salt" is not a true salt but a concatenation of the domain and principal name, so even worse. Active Directory (invented at MIT) supports RC4, AES128, and AES256 encryption types, however you can effectively disable RC4 via Group Policy. The reason RC4 is still supported is to support legacy systems. Many organizations use old software that only supports RC4. For example, I've run into many manufacturing and small businesses that have no choice but to use it and can't upgrade the software due to $$$. Anyway, good stuff! Shout out to Tim Medin, who published this back in 2014.

New comment by cybergreg in "An attacker’s blunder gave us a look into their operations"

cybergreg — Wed, 10 Sep 2025 00:00:41 +0000

Again, threat actors are well aware of what they’re downloading. FWIW I’m an offsec specialist. I spend a lot of time bypassing EDR. Im just shocked at how little this crowd is aware of OpSec and threat intel. I’ll crawl back into my Reddit hole

New comment by cybergreg in "An attacker’s blunder gave us a look into their operations"

cybergreg — Tue, 09 Sep 2025 23:55:11 +0000

Threat intelligence is a thing.in fact there’s entire companies that sell just that. In fact, there’s entire government organizations that do just that.

New comment by cybergreg in "An attacker’s blunder gave us a look into their operations"

cybergreg — Tue, 09 Sep 2025 23:50:04 +0000

Huh? Small and medium sized businesses have how much to spend on security? Let alone IT?

New comment by cybergreg in "An attacker’s blunder gave us a look into their operations"

cybergreg — Tue, 09 Sep 2025 18:44:51 +0000

In the US, on a corporate owned device there is no expectation of privacy.

New comment by cybergreg in "An attacker’s blunder gave us a look into their operations"

cybergreg — Tue, 09 Sep 2025 18:43:54 +0000

Huntress is a cybersecurity company. They’re specifically hired for this purpose, to protect the company and its assets.

As far as unique identifiers go, advertisers use a unique fingerprint of your browser to target you individually. Cookies, JavaScript, screen size, etc, are all used.

New comment by cybergreg in "An attacker’s blunder gave us a look into their operations"

cybergreg — Tue, 09 Sep 2025 18:25:36 +0000

You’re really missing the point here. Huntress is an MDR, a cybersecurity company. They protect the endpoint by monitoring it for malicious activity and responding in kind. It’s what they do, not unlike Crowdstrike, Microsoft, etc. Generally a threat actor will install a security agent like this to find a bypass in order to attack more victims. They know exactly what they’re doing.