ITSEC Newsletter 2026-01-15

There is a lot of material on MITM attacks online, with examples of how to use various tools. But in this article, I will focus on how to perform MITM correctly. I will also focus on practical MITM attacks that have a tangible impact. The purpose of this article is not to teach MITM attacks from scratch; my goal is to give you a better understanding of the processes that occur during MITM attacks.

Before we go any deeper, there is something important to clarify. This attack relies on modifying properties of user accounts inside Active Directory. That means you must already have domain administrator privileges. Normally, when an attacker compromises a domain admin account, the game is over for the organization. That account gives unrestricted control over the domain. But even with that level of privilege, there are still times when you may want credentials for a specific domain user, and you do not want to trigger obvious high-risk actions.

BLUVOYIX is a SaaS platform that powers the cargo and ocean shipping/logistics industry. It is best described by this block of text from their website: A cloud-based solution that helps shippers manage their supply chain data in a frictionless, neutral environment supported by a best-in-class tech stack. What you basically need to know is, 500 companies use it to manage their global supply chain, and the platform ran on plaintext passwords and unauthenticated APIs.