From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator
Knock knock, who’s there? Your new DA!
Several vulnerabilities have recently been disclosed, namely:
MS-EFSRPC – AKA PetitPotam
Credential Relaying abusing the AD CS role
Any attacker with internal network access, such as a phished client or a maliciously planted device in the network, can take over the entire Active Directory domain without any initial credentials. Domain Controllers and AD CS…