Blog Entries

02. 01. 2023 Beatrice Dall'Omo Red Team, SEC4U

Focus on the noPac Attack

In December 2021 Microsoft revealed two vulnerabilities concerning an Active Directory Domain Services privilege elevation, classified as CVE-2021-42278 and CVE-2021-42287. By combining the two exploits in the so-called noPac attack, a malicious actor could perform a privilege escalation by impersonating the Domain Administrator after starting out as a standard user. This would lead to a…

Read More

Archive