PetitPotam Attack – Have You Hardened Your Active Directory?

Written by: Venu Vissamsetty – VP Security Research, Attivo Networks

Security researcher Gilles Lionel recently disclosed an attack technique named PetitPotam, which allows attackers to achieve domain compromise with only network access to the enterprise infrastructure. The technique is a classic NTLM relay attack on services offered by a server (e.g., a domain controller). Lionel also released proof-of-concept code on GitHub, demonstrating how attackers can use this specific attack technique to achieve domain compromise. Several other security researchers confirmed the severity and impact of this attack technique soon afterward.