DFSCoerce
NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack
emmaline | | Active Directory, adfs, corporate security, DFSCoerce, NTLM, Red Team, relaying attacks, Tools & Techniques
Overview During the summer, my colleague Derya Yavuz and I published an article on some of the different methods we’ve leveraged to elevate privileges within Active Directory environments. We discussed authentication coercion ...
Elevating Privileges with Authentication Coercion Using DFSCoerce
emmaline | | adfs, Authentication, corporate security, DFSCoerce, Privilege Escalation, relaying attacks, Tools & Techniques
Background In our previous blog post, we talked about the recently-published DFSCoerce utility which is useful for forcing NTLM or Kerberos authentication by interacting with the Distributed File Service (DFS) over Remote ...
How to Detect DFSCoerce
Background On 18 June 2022, security researcher Filip Dragovic published proof-of-concept code for a new forced authentication technique named DFSCoerce. This technique, inspired by other forced authentication techniques like PetitPotam and SpoolSample, ...