ITSEC Newsletter 2025-05-22

Author

Henrik Falk
May 22, 2025

Commit Stomping

Commit Stomping isn’t a vulnerability in the traditional sense there’s no exploit, no CVE, and no patch incoming. It is a genuine case of it is not a bug but it is a feature of Git’s distributed and trust-based design that can be turned into a technique for deception. The issue isn’t that Git is broken, but that it trusts the user implicitly. That trust can be abused.

blog.zsec.uk/commit-stomping

Living-off-the-COM: Type Coercion Abuse

The “vulnerability by design of the COM object” model and PowerShell’s type system and different languages program, affecting any COM object method that accepts string parameters. When these methods receive a custom object instead of an expected string, PowerShell’s automatic type coercion mechanism invokes the object’s ToString() method, potentially executing arbitrary code through a controlled string return value.

medium.com/@andreabocchetti88/living-off-the-com-type-coercion-abuse-108f988bb00a

Red Team Gold: Extracting Credentials from MDT Shares

When it comes to targeting enterprise deployment infrastructure during a Red Team engagement, SCCM (System Center Configuration Manager) tends to get all the love. There’s a lot of research, tradecraft and blog post write-ups covering SCCM misconfigurations, credential exposure, and lateral movement opportunities. But while SCCM gets the spotlight, it’s often-overlooked half-cousin, Microsoft Deployment Toolkit (MDT), quietly presents a few of the same opportunities, sometimes with even less effort required. And yet, MDT is frequently left out of the conversation. Let’s fix that.

trustedsec.com/blog/red-team-gold-extracting-credentials-from-mdt-shares