Alessandro Iandoli
Alessandro Iandoli
The remotePotat0 exploit, by @splinter_code and @decoder_it, triggers an NTLM authentication attempt from a computer account (or a domain admin user if logged on) towards an RPC endpoint. Then NTLM...
Currently, ntlmrelayx.py will try to bypass MIC only exploiting CVE-2019-1040. In this article https://www.preempt.com/blog/active-directory-ntlm-attacks/ by preempt, it's detailed CVE-2019-1166 a.k.a "drop the mic 2". Here the code I added, will...
I've added the possibility to trigger the NTLM authentication of a computer/user account against a remote endpoint, in order to relay the NTLM messages towards an LDAPS/LDAP endpoint on a...