From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrato - Truesec
Tags
Common Information
| Type | Value |
|---|---|
| UUID | b41f91ac-0ed1-4ac8-8cb4-989cc75d5a44 |
| Fingerprint | 3f1329518dc2cfb0 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 5, 2021, midnight |
| Added to db | Jan. 18, 2023, 9:08 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Using PetitPotam to NTLM Relay to Domain Administrator |
| Title | From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrato - Truesec |
| Detected Hints/Tags/Attributes | 38/1/44 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 138 | setup.py |
|
| Details | Domain | 23 | ntlmrelayx.py |
|
| Details | Domain | 5 | petitpotam.py |
|
| Details | Domain | 1 | kekeo.zip |
|
| Details | Domain | 2 | mimikatz.zip |
|
| Details | Domain | 49 | wmiexec.py |
|
| Details | Domain | 1 | www.exandroid.dev |
|
| Details | Domain | 26 | posts.specterops.io |
|
| Details | Domain | 4 | www.blumira.com |
|
| Details | Domain | 1 | www.bussink.net |
|
| Details | File | 144 | requirements.txt |
|
| Details | File | 127 | setup.py |
|
| Details | File | 22 | ntlmrelayx.py |
|
| Details | File | 4 | certfnsh.asp |
|
| Details | File | 5 | petitpotam.py |
|
| Details | File | 1 | kekeo.zip |
|
| Details | File | 1 | kekeo.exe |
|
| Details | File | 6 | mimikatz_trunk.zip |
|
| Details | File | 1 | mimikatz.zip |
|
| Details | File | 76 | mimikatz.exe |
|
| Details | File | 45 | wmiexec.py |
|
| Details | Github username | 1 | exandroiddev |
|
| Details | Github username | 4 | topotam |
|
| Details | Github username | 29 | gentilkiwi |
|
| Details | Github username | 14 | secureauthcorp |
|
| Details | md5 | 1 | 9815c330fd6ce34663a2e7a5f0444848 |
|
| Details | IPv4 | 2 | 10.0.0.18 |
|
| Details | Microsoft Patch Numbers | 6 | KB5005413 |
|
| Details | Url | 1 | https://github.com/exandroiddev/impacket.git |
|
| Details | Url | 1 | http://pki.lab.local/certsrv/certfnsh.asp |
|
| Details | Url | 4 | https://github.com/topotam/petitpotam |
|
| Details | Url | 1 | https://github.com/gentilkiwi/kekeo/releases/download/2.2.0-20210723/kekeo.zip |
|
| Details | Url | 1 | https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip |
|
| Details | Url | 1 | https://www.exandroid.dev/2021/06/23/ad-cs-relay-attack-practical-guide |
|
| Details | Url | 3 | https://posts.specterops.io/certified-pre-owned-d95910965cd2 |
|
| Details | Url | 1 | https://isc.sans.edu/forums/diary/active |
|
| Details | Url | 1 | https://www.blumira.com/ntlm-relay-attack-petitpotam |
|
| Details | Url | 1 | https://www.bussink.net/ad-cs-exploit-via-petitpotam-from-0-to-domain-domain |
|
| Details | Url | 14 | https://github.com/gentilkiwi/mimikatz |
|
| Details | Url | 3 | https://github.com/gentilkiwi/kekeo |
|
| Details | Url | 1 | https://github.com/exandroiddev/impacket/tree/ntlmrelayx-adcs-attack |
|
| Details | Url | 7 | https://github.com/secureauthcorp/impacket |
|
| Details | Url | 1 | https://blog.truesec.com/2021/07/25/mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-adv210003-kb5005413-petitpotam |