Blog Post

The Human Connection Blog
1 MIN READ

New CTI Labs: BadSuccessor: Offensive and Defensive

BenMcCarthy's avatar
BenMcCarthy
Icon for Immerser rankImmerser
6 days ago

Today, Immersive's Container 7 Research Team have released two new CTI labs covering the recent release of the vulnerability dubbed "BadSuccessor". You'll learn how to use this vulnerability against a vulnerable domain and how to threat hunt for signs of this attack occurring.

Two days ago, Akamai released a technical research blog post detailing a privilege escalation vulnerability in Windows Server 2025. This vulnerability abuses delegated Managed Service Accounts (dMSAs), and with the right base permissions, it could allow a user to gain domain admin permissions or even dump the NTLM hashes for all users in the domain. There is no patch available, and this would be considered a public zero-day. 

Why are these labs important?

Many organisations use a Windows Domain to manage their users and accounts. This newly announced zero-day has no patch and no known detections in SIEMs. A combination of these labs will allow organisations to identify any potentially weak configurations vulnerable to exploitation and how to threat hunt in a SIEM to identify signs of exploitation.

Who is it for?

  • Incident responders
  • SOC analyst
  • CTI Analysts
  • Threat Hunters
  • Pentesters / Red Teams

Here is the link to the analysis lab:

Updated 6 days ago
Version 1.0
content updates
cyber threat intelligence
BenMcCarthy's avatar
Icon for Immerser rankImmerser
Lead Cyber Security Engineer. I lead the team that releases the content for the CTI part of the platform! Latest CVEs, malware threats and emerging threats all within 24 hours.
View Profile
RobReeves's avatar
Icon for Immerser rankImmerser
Rob is a Principal Cyber Security Engineer at Immersive, primarily working with Exercising and Ranges. His background is as a Pentester and Red Teamer with a number of years industry experience working for a large UK consultancy before joining Immersive, and prior to that spent 10 years in the British Army.
View Profile
KevBreen's avatar
Icon for Immerser rankImmerser
Kev Breen currently serves as Senior Director of Cyber Threat Research at Immersive, where he helps organizations assess, build, and prove their Cyber Workforce Resilience. He is a renowned expert on new and emerging threats. Prior to his time at Immersive , Breen spent 15 years in the military with the Royal Signals, starting as a radio technician repairing radio electronics and communications, before moving on to digital networks specialising as a malware analyst protecting UK MOD networks against cyber attacks. With over two decades of experience in IT and cybersecurity, Breen has learned the tradecraft for defensive, offensive, and deceptive cyber operations. Breen has conducted extensive open-source research, including creating and releasing toolkits for network defenders, mainly for malware analysis and decryption, as well as writing the YARA rules, which are still recommended by VirusTotal. Breen’s open-source research gets a lot of attention, not only from the cybersecurity community, but also from the threat actors themselves.
View Profile
The Human Connection Blog
Learn from our passionate experts on a wide range of subjects from Cyber Threat Research to maximizing value with Immersive, plus, hear from our outstanding customers who are keen to share their experiences.
No CommentsBe the first to comment