Compromising Windows networks configured with non-SSL WSUS servers.
Posted on Thu 18 March 2021 in Red Team
I came across an interesting entry from hacktricks.xyz regarding WSUS:
"You can compromise the system if the updates are not requested using httpS but http."
Interesting...
After doing some research, it all links back to Contextis's 2015 paper "WSUSpect", a whitepaper on compromising the Windows network via Windows Updates …
Continue reading