Remote Windows Server "WinReg" NTLM Relay attack

pianoxltd · 23.10.2024

[CVE-2024-43532]
The flaw affects all Windows server versions 2008 through 2022 as well as Windows 10 and Windows 11.

POC:

akamai-security-research/PoCs/cve-2024-43532 at main · akamai/akamai-security-research

This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai/akamai-security-research

github.com

RPC to ADCS

We used this certificate to authenticate to the LDAP service on the domain controller and create a persistent new domain admin in the compromised domain

molotov477 · 27.10.2024

What kind of privilege is required to run this?

Mkatzzzz666 · 27.10.2024

Кто-то проверял?Работает?

pianoxltd · 28.10.2024

molotov477 сказал(а):

What kind of privilege is required to run this?

Elevation of Privilege

you can relay any privilege DU or DA to ADCS

pianoxltd · 28.10.2024

relay_demo_adcs

akamai-security-research/conferences_materials/NoHat 2024/relay_demo_adcs.mp4 at main · akamai/akamai-security-research

This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai/akamai-security-research

github.com

Remote Windows Server "WinReg" NTLM Relay attack

pianoxltd

RAID-массив

akamai-security-research/PoCs/cve-2024-43532 at main · akamai/akamai-security-research

RPC to ADCS

molotov477

(L3) cache

Mkatzzzz666

RAID-массив

pianoxltd

RAID-массив

Elevation of Privilege

pianoxltd

RAID-массив

akamai-security-research/conferences_materials/NoHat 2024/relay_demo_adcs.mp4 at main · akamai/akamai-security-research

Remote Windows Server "WinReg" NTLM Relay attack

RAID-массив

RPC to ADCS​

(L3) cache

RAID-массив

RAID-массив

Elevation of Privilege​

RAID-массив

RPC to ADCS

Elevation of Privilege