3 posts · security research and write-ups
Recon from unauthenticated and authenticated angles using techniques and tools such as Nmap, RPC/IIS fingerprinting, LDAP/WMI to locate MPs/DPs and exposed package artifacts.
Exploring SCCM’s collections, variables, task sequences, network access accounts, and PXE boot to understand the in-depth process behind deployment and operating system provisioning.
Breaking down and understanding Microsoft SCCM’s architecture, core components, different deployment models, and client installation methods before diving deeper into exploitation later.
