Understanding and Exploiting Zerologon
This paper aims to explain the detailed working of Zerologon vulnerability. Zerologon vulnerability arise due to insecure implementation of AES-128 Counter Feedback Mode of Operation in Microsoft Netlogon Remote Procedure Calls (MS-NRPC) protocol.
- Understanding what is Netlogon protocol and how it works.
- Different vulnerabilities in this protocol and how to check for them.
- Prerequisites to setup the lab to perform the exploit.
- Running the testers and crafting the exploit.
- Mitigatiuons and Preventions to prevent such attacks.