NTLM Attack PetitPotam Lets Hackers Take Over Windows Domains
A new NTLM attack called PetitPotam allows hackers to take over a domain controller, and thus an entire Windows domain.
Previously an NTLM attack that used Microsoft Active Directory Certificate Services has been reported.
PetitPolam attack doesn't rely on the MS-RPRN API but instead uses the EfsRpcOpenFileRaw function of the MS-EFSRPC API.
Read more...