A new NTLM relay attack dubbed ‘PetitPotam’ has been discovered that lets threat actors gain control of a domain controller, and hence an entire Windows domain.
Many companies use Microsoft Active Directory Certificate Services, a public key infrastructure (PKI) server that authenticates services, users, and machines on a Windows domain.
Researchers earlier uncovered a way to force a domain controller to authenticate against a malicious NTLM relay, which would then forward the request to the domain’s Active Directory Certificate Services over HTTP. The attacker would eventually be given a Kerberos ticket granting ticket (TGT) that would allow them to assume the identity of any device on the network, even a domain controller.
To Read More: bleepingcomputer