blueteamsecEnglish · 6 months ago

HKLM\SYSTEM\Setup\sMarTdEpLoY - The (Static) Keys to Abusing PDQ SmartDeploy

1

2

HKLM\SYSTEM\Setup\sMarTdEpLoY - The (Static) Keys to Abusing PDQ SmartDeploy

blueteamsecEnglish · 6 months ago

1

HKLM\SYSTEM\Setup\sMarTdEpLoY - The (Static) Keys to Abusing PDQ SmartDeploy - SpecterOps

TL;DR: Prior to version 3.0.2046, PDQ SmartDeploy used static, hardcoded, and universal encryption keys for secure credential storage. Low-privileged users may recover and decrypt privileged credentials, such as Local Administrator or Active Directory domain-joined accounts, from the registry of managed devices or from operating system (OS) deployment files stored on deployment servers. Introduction PDQ SmartDeploy […]

You must log in or # to comment.

Chat

digicatOPM
link
fedilink
English
arrow-up
1·
6 months ago
https://github.com/garrettfoster13/NotSoSmartDeploy

blueteamsec

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

40 users / day
110 users / week
300 users / month
929 users / 6 months
224 local subscribers
627 subscribers
2.39K Posts
183 Comments
Modlog

mods:
digicat