Critical 7-Zip Vulnerability With Public Exploit Requires Manual Update
A critical security flaw (CVE-2025-11001) in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now.
Compromising the Mirage domain started with a simple clue hidden in an exposed NFS share. Inside a PDF report was a missing DNS record—just enough to pivot. By hijacking the DNS entry, I intercepted NATS JetStream traffic and captured real authentication logs, including valid credentials. After fixing the system time and obtaining a Kerberos TGT, I gained my first foothold on the domain controller and captured the user flag.
From there, the path to domain dominance unfolded through Active Directory weaknesses. An SPN ticket leak led to a cracked password, which opened the door to BloodHound reconnaissance and more credentials. I reset a disabled user’s password, extracted a service account’s managed password, and used Certipy to transform certificate abuse into full machine-level impersonation. With Resource-Based Constrained Delegation enabled, I forged Kerberos tickets, dumped every domain hash, and finally authenticated as Administrator—securing the root flag.
#CyberSecurity #PenetrationTesting #Kerberos #ActiveDirectory #RedTeam #HackTheBox #Infosec #PrivilegeEscalation
The post Hack The Box: Mirage Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.
Microsoft has announced a significant Windows 11 update that will prevent the Blue Screen of Death (BSOD) and other system error messages from appearing on public-facing screens. The new feature, called Digital Signage mode, addresses a critical busine…
Security researchers have identified a dangerous flaw in the Windows Graphics Component that enables attackers to seize complete control of computers using nothing more than a crafted image file. The vulnerability, tracked as CVE-2025-50165, represents…
NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by attackers. “Active exploitation of CVE-2025-11001 has been observed in…
Key Takeaways: To find stored passwords on Windows 10 or 11, users can use built-in tools, such as Credential Manager and network settings, which help retrieve Wi-Fi, application, and web passwords safely. These passwords are stored securely and encrypte…
Key Takeaways: Run the Network Adapter Troubleshooter from Settings → System → Troubleshoot → Other troubleshooters to automatically detect and fix mobile hotspot problems in Windows 11. Disable Bluetooth from Settings → Bluetooth & devices to avoid w…
Key Takeaways: You can open ports in Windows Firewall using GUI, PowerShell, or Command Prompt; each method suits different admin needs, from manual setups to automated scripting across multiple servers. Always verify opened ports are functional and secur…
Microsoft has delivered a rather light load of patches for November 2025 Patch Tuesday: some 60+ vulnerabilities have received a fix, among them an actively exploited Windows Kernel flaw (CVE-2025-62215). CVE-2025-62215 is a memory corru…
Microsoft fixed over 60 flaws, including an actively exploited Windows kernel zero-day, in its latest Patch Tuesday updates. Microsoft’s Patch Tuesday security updates for November 2025 addressed 63 vulnerabilities impacting Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, and the Windows Subsystem for Linux […]