New NTLM Relay Attack ‘PetitPotam’ Allows Threat Actors to Take Over Windows Domains

A new NTLM relay attack dubbed ‘PetitPotam’ has been discovered that lets threat actors gain control of a domain controller, and hence an entire Windows domain.

Many companies use Microsoft Active Directory Certificate Services, a public key infrastructure (PKI) server that authenticates services, users, and machines on a Windows domain.

Researchers earlier uncovered a way to force a domain controller to authenticate against a malicious NTLM relay, which would then forward the request to the domain’s Active Directory Certificate Services over HTTP. The attacker would eventually be given a Kerberos ticket-granting ticket (TGT) that would allow them to assume the identity of any device on the network, even a domain controller.

To Read More: bleepingcomputer
