Tag Archives: AD

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs

Vulristics improvements

I optimized the detection of the vulnerable product and the type of vulnerability based on the description. Now processing already downloaded data (with option --rewrite-flag "False") takes a few seconds. For example, only ~3 seconds for 100 MS Patch Tuesday vulnerabilities . It used to take a few minutes.

What I’ve done:

For Microsoft generated descriptions, e.g. “Microsoft Excel Remote Code Execution Vulnerability”, vulnerability type and product are now directly parsed out of the description, keyword search is not performed.
I rewrote the generic keyword search based on products.json. I have reduced the use of heavy functions without sacrificing the quality of the detections.

Continue reading →

Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP

1 Reply

Hello everyone! This episode will be about Microsoft Patch Tuesday for October 2022, including vulnerabilities that were added between September and October Patch Tuesdays. As usual, I use my open source Vulristics project to create the report.

Alternative video link (for Russia): https://vk.com/video-149273431_456239106

Continue reading →

How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3

1 Reply

I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units (OUs) and all the network hosts associated with these OUs to search for possible anomalies. If you are not familiar with AD, here is a good thread about the difference between AD Group and OU.

It seems much easier to solve such tasks using PowerShell. But it will probably require a Windows server. So I leave this for the worst scenario. 🙂 There is also a PowerShell Core, which should support Linux, but I haven’t tried it yet. If you want to use Python, there is a choice from the native python ldap3 module and Python-ldap, which is a wrapper for the OpenLDAP client. I didn’t find any interesting high-level functions in Python-ldap and finally decided to use ldap3.

Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: AD

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs

Vulristics improvements

Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP

How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3