Rémi GASCOU (Podalirius)

Hi @jsdhasfedssad, Thanks for reporting this bug. It's indeed not supposed to happen and I'll take care of it soon! Best regards,

It's in the plans ;)

In order to solve this problem, I recreated a test environment: ## Test environment Setting registry keys in `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters` to the following values: - `LDAPServerIntegrity` : **2** (Require Signing) -...

The problem seems to come from the required LDAP signing (in `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters`): | Property | Value | LDAPmonitor can connect? | |-------------------------------|--------------------------------|-------------| | `LDAPServerIntegrity` | **1** (None) | Yes :heavy_check_mark:...

We checked with @ShutdownRepo, and it is not possible to perform a password change with [SamrUnicodeChangePasswordUser2](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/acb3204a-da8b-478e-9139-1ea589edb880) using Kerberos when the current password is expired (`STATUS_PASSWORD_EXPIRED`), since the bypass relies on...

Hi! Yes it was the intended behavior, but I can change it. I chose this implementation so that you can still filter all the results with the table headers in...

Adding to the Todo list :)

Added in https://github.com/p0dalirius/Coercer/commit/a8fd0373b0ae41999f4337304558e9ad4b1611fe 

Hi, He is absolutely right and that checks out with my tests It is a lack of time, but It should be added yes :) [windows-coerced-authentication-methods in MS-EVEN](https://github.com/p0dalirius/windows-coerced-authentication-methods/tree/master/possible-working-calls/MS-EVEN%20-%20EventLog%20Remoting%20Protocol) Hopefully I...

Hey @AdrianVollmer, This is a very good idea, I'll look into it in January 2024! Best regards,