Cybersecurity Vulnerabilities
October 28, 2020

Upcoming Anatomy of a Hack: Hands-on Red Teaming with the “Zerologon” Vulnerability

Ultimate Windows Security

In August, Microsoft announced the release of a patch to address an attacker’s ability to establish a Netlogon secure channel to a domain controller via the Netlogon Remote Protocol (MS-NRPC), tracked as CVE-2020-1472. By exploiting a weak cryptographic algorithm in Netlogon’s authentication process, an attacker can elevate privileges, impersonate any account desired, and gain control over all of Active Directory. Windows Server OSes from Server 2008 through 2019 are vulnerable to this attack and require an immediate update.

Dubbed Zerologon, this vulnerability is only partially patched today: Microsoft has so far addressed only how the secure RPC channel encryption is established, leaving enforcement of the secured channel to be configured manually for now. Enforcement becomes mandatory in an update scheduled for release in February 2021.

Weaknesses in Microsoft’s cryptography are nothing new; the Curveball vulnerability from earlier this year took advantage of Windows crypt32.dll to create false certificates, allowing websites, applications, and systems to appear trusted. Curveball’s success put attackers’ focus squarely on Microsoft’s cryptography, and Zerologon indicates that further weaknesses were found.

Microsoft isn’t alone in this; cryptography is strong but many implementations are weak. It’s hard to do cryptography right.

Mimikatz already has integrated support for Zerologon, making the exploitation of domain controllers and identifying easily compromised credentials an even easier task for attackers.

On Tuesday, November 3rd, Immersive Labs will join Ultimate Windows Security for a deep dive into this topic during the webinar, Anatomy of a Hack: Hands-on Red Teaming with the “Zerologon” Netlogon Elevation of Privilege Vulnerability with Mimikatz Integration.

Randy Franklin Smith of Ultimate Windows Security will discuss the details of the vulnerability, how it works, and what’s at risk. Not only that, but our own Director of Cyber Threat Research, Kev Breen, will go fully hands-on and demonstrate how this attack is used in red teaming on the Immersive Labs platform.

In addition, Kev will discuss how to effectively perform blue team efforts, including:

  • Detection of non-compliant devices
  • Identification of denied connections (indicating a potential attempt)
  • What details are available to respond to suspected attacks
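The three blue-team items above map onto the Netlogon events that Microsoft’s August 2020 update adds on domain controllers. The script below is an added example, not code from the Immersive Labs post or the webinar; it assumes the event IDs and registry value described in Microsoft’s CVE-2020-1472 guidance (5827/5828 for denied vulnerable connections, 5829 for vulnerable connections still allowed because enforcement is off, 5830/5831 for connections allowed by an exception Group Policy, and `FullSecureChannelProtection` under the Netlogon `Parameters` key for enforcement mode). Verify those identifiers against the current KB for your build before relying on them.

```powershell
# Added example (not from the original post): summarise Zerologon-related Netlogon
# events on a domain controller and report whether enforcement mode is switched on.
#
# Assumed event IDs (from Microsoft's CVE-2020-1472 guidance; verify for your build):
#   5827 / 5828 - vulnerable secure-channel connection DENIED (machine / trust account)
#   5829        - vulnerable connection ALLOWED: enforcement not yet on (non-compliant device)
#   5830 / 5831 - vulnerable connection allowed by an exception Group Policy
# Assumed enforcement registry value:
#   HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\FullSecureChannelProtection = 1

param(
    [string]$ComputerName = $env:COMPUTERNAME,   # a domain controller
    [int]$Days = 7                                # look-back window
)

$NetlogonEventMeaning = @{
    5827 = 'DENIED vulnerable connection (machine account) - possible attack attempt'
    5828 = 'DENIED vulnerable connection (trust account) - possible attack attempt'
    5829 = 'ALLOWED vulnerable connection - non-compliant device, enforcement off'
    5830 = 'ALLOWED vulnerable connection (machine account) - permitted by policy exception'
    5831 = 'ALLOWED vulnerable connection (trust account) - permitted by policy exception'
}

function Get-NetlogonSecureChannelEvents {
    # Pull the Netlogon secure-channel events from the System log of one DC.
    param([string]$Computer, [datetime]$StartTime)
    Get-WinEvent -ComputerName $Computer -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = @($NetlogonEventMeaning.Keys)
        StartTime    = $StartTime
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            EventId     = $_.Id
            Meaning     = $NetlogonEventMeaning[$_.Id]
            Message     = $_.Message   # contains the calling machine/trust account details
        }
    }
}

function Get-NetlogonEnforcementState {
    # Read the (assumed) enforcement value from the DC's registry; missing = not enforced.
    param([string]$Computer)
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
    $key  = $base.OpenSubKey('SYSTEM\CurrentControlSet\Services\Netlogon\Parameters')
    $val  = if ($key) { $key.GetValue('FullSecureChannelProtection') } else { $null }
    [pscustomobject]@{
        Computer                    = $Computer
        FullSecureChannelProtection = $val
        EnforcementEnabled          = ($val -eq 1)
    }
}

$since  = (Get-Date).AddDays(-$Days)
$events = @(Get-NetlogonSecureChannelEvents -Computer $ComputerName -StartTime $since)

"Enforcement state on $ComputerName:"
Get-NetlogonEnforcementState -Computer $ComputerName | Format-List

"Netlogon secure-channel events since $since (count per category):"
$events | Group-Object EventId | Sort-Object Name |
    Select-Object @{n='EventId';e={$_.Name}}, Count,
                  @{n='Meaning';e={$NetlogonEventMeaning[[int]$_.Name]}} |
    Format-Table -AutoSize

# Denied connections (5827/5828) are the "potential attempt" signal; 5829 lists the
# devices that still need patching or replacing before enforcement is turned on.
"Most recent denied connections:"
$events | Where-Object { $_.EventId -in 5827, 5828 } |
    Sort-Object TimeCreated -Descending | Select-Object -First 10 |
    Format-List TimeCreated, EventId, Message
```

Run it on each domain controller (or against each one with `-ComputerName`) before turning enforcement on: a steady stream of 5829 events identifies the non-compliant devices that will start failing once `FullSecureChannelProtection` is set, while any 5827 or 5828 event is the denied-connection detail to hand to incident responders.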

This Real Training for Free event will be jam-packed with technical detail and real-world application. Register today!
