RPC-based protocol abuse leads to domain takeover

2 years ago
Anonymous $dy9SWuvIkX

https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-fixes-shadowcoerce-windows-ntlm-relay-bug/

Microsoft has confirmed that, as part of the June 2022 updates, it fixed a previously disclosed 'ShadowCoerce' vulnerability that enabled attackers to target Windows servers in NTLM relay attacks.

This NTLM relay attack method can be used by threat actors to force unpatched servers to authenticate against servers under the attacker's control, leading to a takeover of the Windows domain.