Detections
Analytics

PetitPotam

critical

Language:

Description

PetitPotam tool can be used to coerce authentication of the target machine to a remote system, generally to perform NTLM relay attacks. If PetitPotam targets a domain controller, an attacker can authenticate to another network machine relaying the domain controller's authentication.

See Also

Coercer tool

MITRE ATT&CK description

PetitPotam tool

Microsoft - KB5005413 - Use of PetitPotam for AD CS vulnerability

Indicator Details

Name: PetitPotam

Codename: I-PetitPotam

Severity: Critical

MITRE ATT&CK Information:
ID: T1187
Sub-technique of: T1187
Tactic: TA0006