New DFSCoerce PoC Exploit Allows Attackers to Take Over Windows Domains

The recently published DFSCoerce PoC exploit uses the MS-DFSNM file system to take over Windows domains. This exploit is conceptually similar to the sensational PetitPotam attack. Let me remind you that we recently talked about how LockFile ransomware adopts ProxyShell and PetitPotam vulnerabilities. Filip Dragovich published a PoC script called “DFSCoerce” to attack an NTLM… Continue reading New DFSCoerce PoC Exploit Allows Attackers to Take Over Windows Domains