See the latest by Garrett Foster
Decrypting the Forest From the Trees
TL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If...
By: garrett foster
Mar 6, 2025 • 10 min read
Read Post
SCCM Hierarchy Takeover with High Availability
TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hierarchy...
By: garrett foster
Feb 21, 2024 • 15 min read
Read Post
Site Takeover via SCCM’s AdminService API
tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM...