Exploiting the Netlogon Protocol

Explore an attack discovered against the Netlogon Remote Protocol (CVE-2019-1424) in this conference talk from the Hack In The Box Security Conference. Delve into the details of how a man-in-the-middle attacker can exploit this vulnerability to gain privileged remote code execution on domain-joined Windows systems. Learn about the Netlogon protocol, its relationship to NTLM, and previous exploits that abused Netlogon for NTLM relay attacks. Examine the custom cryptographic schemes used by the protocol for user authentication and message protection. Gain insights from Tom Tervoort, a Senior Security Specialist with expertise in network pentesting, cryptographic protocols, and Windows AD security.