Report an incident
Área privada
NTDS.dit Dumping via Print Spooler Abuse
Medium
Campaign, LOLBin
Defense Evasion
EDR, Sysmon, Windows

NTDS.dit Dumping via Print Spooler Abuse

A principios de 2026, los actores de amenazas explotaron vulnerabilidades en SolarWinds Web Help Desk, incluyendo CVE-2025-40551 y CVE-2025-40536, para obtener acceso inicial y escalar privilegios en servidores vulnerables. Los atacantes luego aprovecharon la herramienta de Windows print.exe para extraer información sensible y exfiltrarla.

Download PDF

labs correlati

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation
Medium
Bypass
Privilege Escalation
EDR, Sysmon, Windows

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation

BlueHammer windows Zero-Day
Medium
Bypass
Privilege Escalation
EDR, Sysmon, Windows

BlueHammer windows Zero-Day

Weaponizing Windows Toast Notifications Abuse of ToastNotify.exe for Phishing and Credential Coercion
Medium
Bypass
Defense Evasion
EDR, Sysmon, Windows

Weaponizing Windows Toast Notifications: Abuse of ToastNotify.exe for Phishing and Credential Coercion

1 2 3 5

Contacto

Get in touch with us

Contáctanos
Sorint.SEC
Via dell'Artigianato,
24046 Osio Sotto BG
Italy


+39 035 0510401
info@sec.sorint.it
Pages
Services
Certificaciones