Alex Neff
Pentester | Maintainer of NetExec
Jun 23
Onelogon: Taking over Active Directory Accounts via Netlogon🔑

We analyzed Netlogon, bypassed the Zerologon patch, resulting in a full auth bypass. An attacker can leverage this to compromise computer accounts, or even the entire AD. Non-standard config must be present tho 🧵

[Image: Compromise an Active Directory Domain with the Onelogon vulnerability]
[Image: Scanning an AD domain for accounts vulnerable to Onelogon]

Unlike Zerologon, the exploit requires a non-default GPO to be configured. Specifically, all accounts for which RPC signing & sealing is disabled can be compromised with this exploit. The GPO was added with the Zerologon patch to ensure backwards compatibility for legacy systems 🧵
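
A defender-side check for the precondition described above, as an added example that is not part of the original thread. It assumes the GPO meant is "Domain controller: Allow vulnerable Netlogon secure channel connections", whose value is an SDDL security descriptor, and it lists the trustees that an Allow ACE exempts from secure RPC. The function name, the `BROAD` table and the sample descriptor are constructed for illustration.

```python
import re

# SDDL aliases that name whole populations of accounts; an Allow ACE for one
# of these exempts far more than a single legacy host.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "AN": "Anonymous",
         "DC": "Domain Computers", "DD": "Domain Controllers",
         "DU": "Domain Users"}

def audit_allowlist(sddl):
    """Split the DACL of an allow-list SDDL string into allowed/denied trustees."""
    allowed, denied = [], []
    # "D:" starts the DACL: optional flags (P, AI, ...) followed by a run of ACEs.
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl or "")
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        fields = ace.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip it
        ace_type, trustee = fields[0], fields[5]
        if ace_type in ("A", "OA"):
            allowed.append(trustee)   # exempted from secure RPC
        elif ace_type in ("D", "OD"):
            denied.append(trustee)    # same as the default (enforced) behaviour
    return {
        "allowed": allowed,
        "denied": denied,
        "broad": [BROAD[t] for t in allowed if t in BROAD],
        "clean": not allowed,         # True when nobody is exempted
    }

# Constructed sample value (assumption: shape of what the policy stores).
SAMPLE = ("O:BAG:BAD:"
          "(A;;RC;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"
          "(D;;RC;;;S-1-5-21-1111111111-2222222222-3333333333-1106)"
          "(A;;RC;;;DC)")

if __name__ == "__main__":
    report = audit_allowlist(SAMPLE)
    for trustee in report["allowed"]:
        print("exempt from secure RPC:", trustee)
    for name in report["broad"]:
        print("WARNING: allow-list covers a whole group:", name)
    print("no exemptions configured:", report["clean"])
```

An empty or unset value reports `clean`, which corresponds to the default configuration the thread says is not affected. Group trustees still need to be resolved to their member accounts in the directory.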