The Human Connection Blog
1 MIN READ
New Cyber Threat Intelligence Lab release!
BenMcCarthy
Immerser
10 months agoToday we have a brand new set of labs related to AWS-2024-006 (unattend.xml Privilege Escalation)
On Wednesday, June 11, 2024, AWS released details on a vulnerability to the VMIE service, discovered by Immersive Labs and identified as AWS-2024-006. It's an insufficiently-protected credentials vulnerability in the Sysprep process, which can be exploited to gain local privilege escalation from cleartext credentials.
In this lab, you have access to a vulnerable Windows server and need to identify and extract the credentials to gain administrator-level access.
Who's it for?
- Penetration Testers
- Red Teamers
- Incident Responders
- Threat Hunters
What are the key takeaways?
- Locate and abuse cached credentials related to unattended installations
- Demonstrate how cleartext credentials can be abused by malicious actors
Cyber Pro licensed users can access the new collection here.
You can read more about the security weakness here.
Updated 10 months ago
Version 2.0BenMcCarthy
Immerser
Joined May 30, 2024
The Human Connection Blog
Learn from our passionate experts on a wide range of subjects from Cyber Threat Research to maximizing value with Immersive, plus, hear from our outstanding customers who are keen to share their experiences.