Волосатый бублик

In today’s cyber security landscape, attacks against Active Directory protocols are frequent and more tools to exploit them are being developed every day. At Trimarc, one of the protocols that we see attacked quite frequently (often due to misconfigurations) is the Lightweight Directory Access Protocol (LDAP). We believe one reason for this is that professionals still grapple with understanding LDAP security and the security options available in Active Directory. LDAP is a cornerstone of AD operations, facilitating the modification of directory objects. This is why it’s imperative to implement proper security mechanisms to such an enticing entry point for attackers. LDAP Signing ensures the integrity and authenticity of LDAP communications. Channel Binding ties the Transport Layer Security (TLS) channel to the application layer, thereby securing session tampering. During this webcast, ace Identity Security Consultant Darryl Baker will deep-dive into LDAP Signing and Channel Binding, how they function, and how to implement them to increase Active Directory Security. He will discuss common vulnerabilities exploited through unsecured LDAP channels and demonstrate how implementing these measures can prevent these attacks.

In this blog post, we will explore a new way of exploiting the vulnerability on PHP, using direct calls to iconv(), and illustrate the vulnerability by targeting Roundcube, a popular PHP webmail.