{"id":54159,"date":"2023-10-17T15:32:45","date_gmt":"2023-10-17T15:32:45","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35132\/Trench-Tales-The-College-Account-Takeover-That-Never-Happened.html"},"modified":"2023-10-17T15:32:45","modified_gmt":"2023-10-17T15:32:45","slug":"trench-tales-the-college-account-takeover-that-never-happened","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/trench-tales-the-college-account-takeover-that-never-happened\/","title":{"rendered":"Trench Tales: The College Account Takeover That Never Happened"},"content":{"rendered":"<ol>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#disclaimer\">Disclaimer<\/a><\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#setting-up-your-ios-device\">Introduction<\/a><\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#the-vulnerability\">The Vulnerability<\/a><\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#methodology\">Methodology<\/a>\n<ol>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#shodan\">Shodan<\/a><\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#ldapsearch\">Ldapsearch<\/a><\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" 
href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#bash\">Bash<\/a><\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#python\">Python<\/a><\/li>\n<\/ol>\n<\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#setting-up-your-ios-device\">Ethical Dilemmas<\/a><\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#setting-up-your-ios-device\">Case Study \u2013 The College<\/a><\/li>\n<li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/#conclusion\">Conclusion<\/a><\/li>\n<\/ol>\n<h2 class=\"wp-block-heading\" id=\"disclaimer\">Disclaimer<\/h2>\n<p>All activities presented within this post have been conducted for research purposes. All efforts were made to disclose the findings responsibly to the owners. Where more intrusive tests were conducted, I made sure to contact the owners beforehand.<\/p>\n<h2 class=\"wp-block-heading\" id=\"setting-up-your-ios-device\">Introduction<\/h2>\n<p>Recently, I embarked on a journey to scout the internet for one specific vulnerability. On the journey, I encountered ethical dilemmas, discovered critical vulnerabilities, and gained valuable insights through my experiences. The project started from a rather simple question, but ended up revealing a lot more than I expected. You can find a simple, less technical description here: <a href=\"https:\/\/youtu.be\/WcFZd_68HVg?si=er-D3lgZ0CtRI8nq\" rel=\"nofollow\">https:\/\/youtu.be\/WcFZd_68HVg?si=er-D3lgZ0CtRI8nq<\/a>. 
<\/p>\n<h2 class=\"wp-block-heading\" id=\"the-vulnerability\">The Vulnerability<\/h2>\n<p>During the past year, I found myself fascinated with LDAP Anonymous Binding. In itself, it is not necessarily a misconfiguration or vulnerability, but rather a feature of LDAP, allowing clients to connect and search the directory (bind and search) without logging in. For instance, if the directory contains publicly accessible information that does not require authentication, such as a company\u2019s contact directory or public phone book, one may allow anonymous binds for read-only access to this information. Also, some older applications and devices may not support authentication when querying LDAP directories. In such cases, one may need to allow anonymous binds temporarily to ensure compatibility.<\/p>\n<p>However, there is a possibility that LDAP Anonymous Binding is allowed even when the directory contains sensitive information. This can be a serious breach of confidentiality, as anyone can access the sensitive information behind the unprotected service. <\/p>\n<h2 class=\"wp-block-heading\" id=\"methodology\">Methodology<\/h2>\n<p>This project\u2019s core questions were \u201cHow many servers allow LDAP Anonymous Binding?\u201d and \u201cWhat sort of information do they expose?\u201d. In order to answer these questions, I used the following tools\/utilities:<\/p>\n<ul>\n<li>Shodan<\/li>\n<li>Ldapsearch<\/li>\n<li>Bash<\/li>\n<li>Python<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\" id=\"shodan\">Shodan<\/h3>\n<p>Shodan is a search engine designed to locate and gather information about devices and services connected to the internet. For me, it was the perfect tool for this project, as I could simply search for \u201cLDAP Anonymous\u201d and it would give me a fairly reliable list of results. Could I have used masscan or any other scanner? Probably so, but Shodan allows me to be more quiet, as I am not the one doing the active scanning. 
So after Shodan displayed over 3000 results, I downloaded the data as JSON.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3765\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-28\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image.png\" data-orig-size=\"374,896\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image.png?w=125\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image.png?w=374\" width=\"374\" height=\"896\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image.png?w=374\" alt class=\"wp-image-3765\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image.png 374w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image.png?w=92 92w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image.png?w=125 125w\" sizes=\"auto, (max-width: 374px) 100vw, 374px\"><figcaption class=\"wp-element-caption\">Shodan results for \u201cLDAP Anonymous\u201d<\/figcaption><\/figure>\n<\/div>\n<h3 class=\"wp-block-heading\" id=\"ldapsearch\">Ldapsearch<\/h3>\n<p>Ldapsearch is a command-line utility used to query and retrieve information from LDAP directories. 
For this project I ran ldapsearch in two steps:<\/p>\n<ol>\n<li>ldapsearch -H ldap:\/\/<strong>$target<\/strong> -x -s base namingcontexts<\/li>\n<li>ldapsearch -x -H ldap:\/\/$target -b \u201c\u2018\u201d<strong>$namingcontext<\/strong> \u201c\u2018\u201d<\/li>\n<\/ol>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3769\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-1-10\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-1.png\" data-orig-size=\"530,330\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-1\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-1.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-1.png?w=530\" width=\"530\" height=\"330\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-1.png?w=530\" alt class=\"wp-image-3769\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-1.png 530w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-1.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-1.png?w=300 300w\" sizes=\"auto, (max-width: 530px) 100vw, 530px\"><figcaption class=\"wp-element-caption\">Getting the namingContexts using ldapsearch<\/figcaption><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" 
data-attachment-id=\"3770\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-2-9\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-2.png\" data-orig-size=\"512,150\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-2\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-2.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-2.png?w=512\" loading=\"lazy\" width=\"512\" height=\"150\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-2.png?w=512\" alt class=\"wp-image-3770\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-2.png 512w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-2.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-2.png?w=300 300w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\"><figcaption class=\"wp-element-caption\">Running the second ldapsearch command to query the directory<\/figcaption><\/figure>\n<\/div>\n<h3 class=\"wp-block-heading\" id=\"bash\">Bash<\/h3>\n<p>The usage of bash was pretty simple for this project. 
<\/p>\n<ol>\n<li>Extract the IP addresses from the JSON output from Shodan\n<ul>\n<li>cat shodan_output.json | jq | grep \"ip_str\" | awk '{print $2}' | tr -d '\"' | sort -u &gt; targets.txt<\/li>\n<\/ul>\n<\/li>\n<li>Run ldapsearch to extract the namingContexts for each IP address\n<ul>\n<li>for target in $(cat targets.txt); do echo \"Naming Context for $target\"; timeout 5 ldapsearch -H ldap:\/\/$target -x -s base namingcontexts; echo \"##########################################\"; done &gt; ldap_search.output<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>Let me break down the second command:<\/p>\n<ul>\n<li><strong>for target in $(cat targets.txt)<\/strong>: We take each IP extracted from the Shodan output one by one<\/li>\n<li><strong>echo \"Naming Context for $target\"<\/strong>: We display \u201cNaming Context for\u201d followed by the IP address<\/li>\n<li><strong>timeout 5 ldapsearch -H ldap:\/\/$target -x -s base namingcontexts<\/strong>: We run ldapsearch with a timeout of 5 seconds<\/li>\n<li><strong>echo \"##########################################\"<\/strong>: We display a bunch of \u201c#\u201d (the reason for this will become clear in the next section)<\/li>\n<li><strong>&gt; ldap_search.output<\/strong>: We redirect the output to ldap_search.output<\/li>\n<\/ul>\n<p>And that is it. From here I moved to Python, not because what I needed could not be done in bash, but because I feel more comfortable in Python.<\/p>\n<h3 class=\"wp-block-heading\" id=\"python\">Python<\/h3>\n<p>I decided to use Python to parse ldap_search.output, extract the namingContexts, generate ldapsearch commands in the correct format (ldapsearch -x -H ldap:\/\/$target -b \u201c\u2018\u201d<strong>$namingcontext<\/strong> \u201c\u2018\u201d), run them in parallel to save time, and save the output individually in a folder. At the moment, I am not 100% comfortable with sharing the script, because I am afraid script kiddies may use it. 
However, describing what the script does is in my comfort zone, as more advanced users could do this without my help anyway. So here it is:<\/p>\n<ol>\n<li>Split the contents of ldap_search.output by <strong>\u201c##########################################\u201d<\/strong><\/li>\n<li>Grab the IP addresses for each item by searching for <strong>\u201cNaming Context for\u201d<\/strong><\/li>\n<li>Find each appearance of <strong>\u201cnamingContexts:\u201d<\/strong> and create a list of all naming contexts displayed<\/li>\n<li>Use the IP and namingContexts to create the ldapsearch commands<\/li>\n<li>Use your preferred parallel execution method to execute the ldapsearch commands<\/li>\n<\/ol>\n<p>It is fairly simple; it took me less than 60 lines of code. I may publish the script as well, but I am still waiting for a few disclosures to be resolved.<\/p>\n<h2 class=\"wp-block-heading\" id=\"setting-up-your-ios-device\">Ethical Dilemmas<\/h2>\n<p>Before I move further and display some juicy findings, I would like to touch upon the ethical issues which I faced during this project. <\/p>\n<p>Generally, I consider myself an <strong>Ethical <\/strong>Hacker. However, I also believe that ethics are inherently subjective and that each individual possesses their own moral compass. Often, hackers are split into three categories: White Hat, Grey Hat and Black Hat. I would argue that there are too many shades of grey to fit in one category. 
The following continuum reflects my personal assessment of certain activities on a simplified ethics scale:<\/p>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-attachment-id=\"3791\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-3-7\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png\" data-orig-size=\"1473,649\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-3\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png?w=840\" loading=\"lazy\" width=\"1473\" height=\"649\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png?w=1024\" alt class=\"wp-image-3791\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png?w=1024 1024w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png 1473w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png?w=300 300w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-3.png?w=768 768w\" sizes=\"auto, (max-width: 1473px) 100vw, 1473px\"><figcaption class=\"wp-element-caption\">Some data points on my White Hat-Black Hat continuum<\/figcaption><\/figure>\n<p>During this project, I have not exfiltrated data and have not launched Denial of Service attacks. 
However, all other activities were fair game. The reason for this was that my underlying objective was making the internet safer. Everything that I found was reported responsibly \u2013 and to be fair, it was not easy. I was ignored completely by some organizations and had a hard time finding contacts for others. Nevertheless, I still decided to go out of my way and practice my due diligence in notifying organizations that their security posture needs improvements.<\/p>\n<h2 class=\"wp-block-heading\" id=\"setting-up-your-ios-device\">Case Study \u2013 The College<\/h2>\n<p>One of the notable organizations which I found allowed LDAP Anonymous Binding was a college. It exposed data of all students and members of staff. Here you can see the data for one user:<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" data-attachment-id=\"3811\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-4-7\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-4.png\" data-orig-size=\"632,332\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-4\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-4.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-4.png?w=632\" loading=\"lazy\" width=\"632\" height=\"332\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-4.png?w=632\" alt class=\"wp-image-3811\" 
srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-4.png 632w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-4.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-4.png?w=300 300w\" sizes=\"auto, (max-width: 632px) 100vw, 632px\"><figcaption class=\"wp-element-caption\">Example of exposed data<\/figcaption><\/figure>\n<\/div>\n<p>At the moment we have the following pieces of information:<\/p>\n<ul>\n<li>Username<\/li>\n<li>Full name<\/li>\n<li>Password hash in SSHA format (managed to crack for 1711 accounts)<\/li>\n<li>Email address<\/li>\n<li>Security question<\/li>\n<li>Security answer<\/li>\n<\/ul>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-attachment-id=\"3816\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-6-6\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-6.png\" data-orig-size=\"200,167\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-6\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-6.png?w=200\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-6.png?w=200\" loading=\"lazy\" width=\"200\" height=\"167\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-6.png?w=200\" alt class=\"wp-image-3816\"><\/figure>\n<p>So not only was I able to crack the password for 1711 accounts, but I have the answer to the security question (as well as the 
questions themselves) for ALL accounts\u2026 Well, it cannot be this simple, can it?<\/p>\n<p>Let\u2019s try the Forgot Password flow!<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" data-attachment-id=\"3821\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-7-6\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-7.png\" data-orig-size=\"595,268\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-7\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-7.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-7.png?w=595\" loading=\"lazy\" width=\"595\" height=\"268\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-7.png?w=595\" alt class=\"wp-image-3821\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-7.png 595w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-7.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-7.png?w=300 300w\" sizes=\"auto, (max-width: 595px) 100vw, 595px\"><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" data-attachment-id=\"3823\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-8-6\/\" 
data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-8.png\" data-orig-size=\"625,322\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-8\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-8.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-8.png?w=625\" loading=\"lazy\" width=\"625\" height=\"322\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-8.png?w=625\" alt class=\"wp-image-3823\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-8.png 625w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-8.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-8.png?w=300 300w\" sizes=\"auto, (max-width: 625px) 100vw, 625px\"><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" data-attachment-id=\"3825\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-9-6\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-9.png\" data-orig-size=\"614,455\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-9\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-9.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-9.png?w=614\" loading=\"lazy\" width=\"614\" height=\"455\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-9.png?w=614\" alt class=\"wp-image-3825\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-9.png 614w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-9.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-9.png?w=300 300w\" sizes=\"auto, (max-width: 614px) 100vw, 614px\"><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" data-attachment-id=\"3828\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-10-6\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-10.png\" data-orig-size=\"410,76\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-10\" data-image-description 
data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-10.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-10.png?w=410\" loading=\"lazy\" width=\"410\" height=\"76\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-10.png?w=410\" alt class=\"wp-image-3828\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-10.png 410w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-10.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-10.png?w=300 300w\" sizes=\"auto, (max-width: 410px) 100vw, 410px\"><\/figure>\n<\/div>\n<p>I am in! So, the data exposed via LDAP allowed me to change a user\u2019s password and enter their account. And you know what is beautiful? Single Sign-On (SSO) gave me access to Google (Mail, Drive, Photos), Moodle, as well as the college web site which exposed sensitive data such as the mailing address and payment and card details.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" data-attachment-id=\"3831\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-11-6\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-11.png\" data-orig-size=\"786,156\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-11\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-11.png?w=300\" 
data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-11.png?w=786\" loading=\"lazy\" width=\"786\" height=\"156\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-11.png?w=786\" alt class=\"wp-image-3831\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-11.png 786w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-11.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-11.png?w=300 300w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-11.png?w=768 768w\" sizes=\"auto, (max-width: 786px) 100vw, 786px\"><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" data-attachment-id=\"3833\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-12-6\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-12.png\" data-orig-size=\"738,162\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-12\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-12.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-12.png?w=738\" loading=\"lazy\" width=\"738\" height=\"162\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-12.png?w=738\" alt class=\"wp-image-3833\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-12.png 738w, 
https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-12.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-12.png?w=300 300w\" sizes=\"auto, (max-width: 738px) 100vw, 738px\"><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" data-attachment-id=\"3856\" data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-15-4\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-15.png\" data-orig-size=\"951,853\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-15\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-15.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-15.png?w=840\" loading=\"lazy\" width=\"951\" height=\"853\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-15.png?w=951\" alt class=\"wp-image-3856\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-15.png 951w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-15.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-15.png?w=300 300w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-15.png?w=768 768w\" sizes=\"auto, (max-width: 951px) 100vw, 951px\"><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" data-attachment-id=\"3836\" 
data-permalink=\"https:\/\/securitycafe.ro\/2023\/10\/16\/trench-tales-the-college-account-takeover-that-never-happened\/image-14-4\/\" data-orig-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-14.png\" data-orig-size=\"1024,683\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-14\" data-image-description data-image-caption data-medium-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-14.png?w=300\" data-large-file=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-14.png?w=840\" loading=\"lazy\" width=\"1024\" height=\"683\" src=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-14.png?w=1024\" alt class=\"wp-image-3836\" srcset=\"https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-14.png 1024w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-14.png?w=220 220w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-14.png?w=300 300w, https:\/\/kpmgsecurity.files.wordpress.com\/2023\/10\/image-14.png?w=768 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n<\/div>\n<h2 class=\"wp-block-heading\" id=\"conclusion\">Conclusion<\/h2>\n<p>So, I started from an LDAP Anonymous Bind and ended with account takeover of all members of the institution, exposing highly sensitive data. At the moment, the institution has fixed the Anonymous Bind, but has yet to change all passwords and security questions\/answers. This was quite a ride \u2013 an experience of mass discovery of one misconfiguration leading to the exploitation and full takeover of one organization. 
There were a few challenges that I faced on this journey:<\/p>\n<ul>\n<li>The huge amount of data resulting from the LDAP directories\n<ul>\n<li>I saved tens of gigabytes of data in text format. I have yet to analyze it all, but <strong>grep<\/strong> has been my best friend during this project.<\/li>\n<\/ul>\n<\/li>\n<li>Owners not responding to my emails\n<ul>\n<li>Several organizations ignored me altogether. Often, LDAP disclosed the phone numbers or personal email addresses of the high-ranking employees (CEO, CTO, etc.). Yet, I still decided to use the official channels despite being ignored because I wanted to avoid any perception of arm-twisting.<\/li>\n<\/ul>\n<\/li>\n<li>Proving the impact\n<ul>\n<li>A few organizations responded saying that \u201cthis is by design\u201d. For instance, disclosing the contact details (names, emails, phone numbers and addresses) of over 9000 employees or affiliates seems to be \u201cby design\u201d for certain organizations.<\/li>\n<li>For the case study presented in this article, it was important to access an account to prove the impact. For instance, even with access to the security question, if MFA was set up or if a confirmation email was sent to approve the password change, the exploit chain would have stopped there. So actually going in and checking out the SSO and all the integrations which are compromised via this vector was a clear-cut way to prove impact. 
<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35132\/Trench-Tales-The-College-Account-Takeover-That-Never-Happened.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":54160,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8349],"class_list":["post-54159","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackerprivacydata-lossflawpassword"]}