
Zero-day in SolarWinds’ MSP n-Central Tool Allows Theft of Admin Credentials

Originally reported to SolarWinds on October 10th, this flaw, known as “Dumpster Diver,” allows attackers to gain domain administrator credentials, essentially granting them control over the entire system. Proof-of-concept code to exploit the vulnerability is available. SolarWinds pushed out a hotfix quite recently, and Tim Brown, Vice President of Security for SolarWinds, stated that as of January 24th there were no known instances where this exploit was used maliciously. Additionally, a mitigation tool can be used in the event that the hotfix cannot be applied.

Analyst Notes

The best solution to this vulnerability is to patch with the latest hotfix. However, if patching is not an option, a mitigation tool has been made available by SolarWinds. Because this exploit could expose domain administrator credentials, it is important to have logging and skilled monitoring in place to identify any malicious domain administrator login events. Binary Defense SOC analysts monitor clients’ endpoints 24 hours a day for signs of attacker behaviors on workstations and servers to quickly stop attacks.