PetitPotam Vulnerability Analysis

A Free Guide To CTOs, SOC Teams, CTI Analysts

(…)PetitPotam is a critical vulnerability that affects Windows systems. This report covers what the PetitPotam vulnerability is, why it arises, which systems it affects, how it can be exploited, and what measures can be taken against it. Applying the released security updates is essential to avoid being affected by attacks targeting the PetitPotam vulnerability. Where the update cannot be applied, taking the precautions described here is very important for the safety of the systems.

PetitPotam is a vulnerability that affects Windows domain controllers or servers and is exploited through what is known as an NTLM relay attack. Cyber-threat actors capture NTLM authentication hash material, which allows them to carry out authentication on behalf of the target device.

The PetitPotam vulnerability, which enables a man-in-the-middle attack, allows a domain controller to be forced into performing NTLM authentication using the MS-EFSRPC protocol. This coercion is carried out via LSARPC (Local Security Authority Remote Protocol). By forcing the target computer to authenticate and share its NTLM hash, Windows AD CS can be abused and certificate information can be captured. With the obtained certificate, a TGT ticket can be requested on behalf of the target device by impersonating it. In this way, all domain controllers can be taken over without any authentication(…)
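An added detection example, not taken from the report: the relay chain described above leaves a telltale on the relay target (for example the AD CS host), namely an NTLM network logon for a machine account arriving from an address other than that machine's own. The event fields, the host inventory and the log lines below are constructed assumptions for illustration.

```python
"""Heuristic for spotting a relayed machine-account NTLM logon.

Windows Security event 4624 with logon type 3 (network) and authentication
package NTLM for an account ending in '$' is expected only from the host that
owns that account. The same logon from any other source address is the
footprint of a coerced authentication being relayed. Inventory and events
below are constructed, not real data.
"""
from dataclasses import dataclass


@dataclass
class LogonEvent:
    event_id: int
    logon_type: int
    auth_package: str
    account: str
    source_ip: str


# Assumed inventory: which address each machine account legitimately uses.
HOST_INVENTORY = {"DC01$": "10.0.0.10", "DC02$": "10.0.0.11", "CA01$": "10.0.0.30"}

# Constructed sample events as they might be logged on the AD CS server.
SAMPLE_EVENTS = [
    LogonEvent(4624, 3, "NTLM", "DC01$", "10.0.0.10"),      # DC from itself: normal
    LogonEvent(4624, 3, "Kerberos", "alice", "10.0.0.55"),  # user Kerberos logon: normal
    LogonEvent(4624, 3, "NTLM", "DC01$", "10.0.0.99"),      # DC account from foreign host: relay indicator
    LogonEvent(4624, 2, "NTLM", "CA01$", "10.0.0.30"),      # interactive, not a network logon: ignored
]


def is_relayed_machine_logon(ev: LogonEvent, inventory: dict) -> bool:
    """True when a machine account authenticates over NTLM from an unexpected address."""
    if ev.event_id != 4624 or ev.logon_type != 3:
        return False
    if ev.auth_package.upper() != "NTLM" or not ev.account.endswith("$"):
        return False
    expected = inventory.get(ev.account)
    # Unknown machine accounts are flagged too: they cannot be vouched for.
    return expected is None or ev.source_ip != expected


def find_relay_indicators(events, inventory=HOST_INVENTORY):
    """Return the events that match the relay footprint, in log order."""
    return [ev for ev in events if is_relayed_machine_logon(ev, inventory)]


if __name__ == "__main__":
    for ev in find_relay_indicators(SAMPLE_EVENTS):
        print(f"ALERT: {ev.account} NTLM network logon from {ev.source_ip}")
```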