Zerologon

Anatomy of a Hack: Hands-on Red Teaming with the “Zerologon” Netlogon Elevation of Privilege Vulnerability with Mimikatz Integration

Written by Immersive Labs
Published on November 5, 2020

In August, Microsoft announced the release of a patch for CVE-2020-1472, which addresses an attacker’s ability to establish a Netlogon secure channel to a domain controller via the Netlogon Remote Protocol (MS-NRPC).

Dubbed Zerologon, this vulnerability is only partially patched today. Microsoft has acknowledged that the patch addresses only how the secure RPC channel encryption is established. Enforcement of the secured channel must be handled manually for now and will be required in an update to be released in February 2021.

In this Anatomy of a Hack webinar, you’ll discover the details of the Zerologon vulnerability, how it works, and what’s at risk. In addition, our own Director of Cyber Threat Research, Kev Breen, provides a hands-on demonstration of how this attack is used in red teaming and discusses how to carry out blue team efforts effectively, including:

  • Detection of non-compliant devices
  • Identification of denied connections (indicating a potential attempt)
  • What details are available to respond to suspected attacks