DCs are organizations’ core. A successful DoS attack against them can break authentication and paralyze operations. Following our LdapNightmare release, the first public DoS exploit for CVE-2024-49113, we found two new DoS-style attack surfaces on DCs: new critical DoS vulnerabilities, and creating a botnet harnessing public DCs for DDoS. Our goal: create the Win-DoS epidemic - infect DCs with Win-DoS and make them infect others, forming Win-DDoS. Building on LDAPNightmare, we explored client-side targeting, often exposing weaker code. By turning DCs into LDAP clients via NetLogon RPC, using LDAP referrals, we redirected them to chosen domains/ports, matching our goals. Moreover, we knew DDoS was powerful, but aimed to replicate its effect from a single machine. We focused on RPC servers - abundant in Windows with wide attack surfaces, especially those not requiring authentication. By abusing security gaps in RPC bindings, we hit the same RPC server relentlessly from one system, far surpassing standard concurrency limits! and WOW, found vulns crashing any Windows: servers and endpoints alike! We present “Win-DoS Epidemic” - DoS tools exploiting four new Win-DoS and one Win-DDoS zero-click vulns! Crash any Windows endpoint/server, including DCs, or launch a botnet using public DCs for DDoS. The epidemic has begun

DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West
5.4K views

DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon
11.1K views

DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth
8.5K views

DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine
3.6K views

DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino
5.4K views

DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov
6.4K views