NTLM Attack PetitPotam Lets Hackers Take Over Windows Domains

A new NTLM attack called PetitPotam allows hackers to take over a domain controller, and thus an entire Windows domain. Previously an NTLM attack that used Microsoft Active Directory Certificate Services has been reported. PetitPolam attack doesn't rely on the MS-RPRN API but instead uses the EfsRpcOpenFileRaw function of the MS-EFSRPC API. Read more...