Hot Topics

DFSCoerce

NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack

NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack

| | Active Directory, adfs, corporate security, DFSCoerce, NTLM, Red Team, relaying attacks, Tools & Techniques
Overview During the summer, my colleague Derya Yavuz and I published an article on some of the different methods we’ve leveraged to elevate privileges within Active Directory environments. We discussed authentication coercion ...
Blog - Praetorian
Elevating Privileges with Authentication Coercion Using DFSCoerce

Elevating Privileges with Authentication Coercion Using DFSCoerce

| | adfs, Authentication, corporate security, DFSCoerce, Privilege Escalation, relaying attacks, Tools & Techniques
Background In our previous blog post, we talked about the recently-published DFSCoerce utility which is useful for forcing NTLM or Kerberos authentication by interacting with the Distributed File Service (DFS) over Remote ...
Blog - Praetorian
How to Detect DFSCoerce

How to Detect DFSCoerce

| | adfs, corporate security, DFSCoerce, NTLM, relaying attacks, Vulnerability Research
Background On 18 June 2022, security researcher Filip Dragovic published proof-of-concept code for a new forced authentication technique named DFSCoerce. This technique, inspired by other forced authentication techniques like PetitPotam and SpoolSample, ...
Blog - Praetorian