Silverfort Security Advisory: NTLM Relay to AD CS – PetitPotam and Printer Bug

The PetitPotam attack, published on GitHub, causes a remote server to authenticate to a target server with NTLM, using an MS-EFSRPC command called EfsRpcOpenFileRaw. MS-EFSRPC is a protocol that enables remote access to encrypted files. Causing a server to authenticate with NTLM remotely is bad, because it can be used to trigger NTLM relay attacks. A […]