Windows PetitPotam attacks can be blocked using new method

Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. Last month, security researcher GILLES Lionel disclosed a new method called PetitPotam that forces a Windows machine, including a Windows domain controller, to authenticate against a threat actor’s malicious NTLM relay server using the Microsoft Encrypting File System Remote Protocol (EFSRPC).

Read full article on Bleeping Computer

 


Date:

Categorie(s):