#Hacktivity2023 // The Power of Coercion Techniques in Windows Environments
Martin Grottenthaler - The Power of Coercion Techniques in Windows Environments This presentation was held at #Hacktivity2023 IT security conference on 5th October 2023. Coercion techniques, such as PetitPotam or Printer Bug have been around for some time now. Surprisingly, many people believe that these techniques have been fixed and are no longer exploitable. In this presentation, I will demonstrate how these techniques can still be used to take over systems in a Windows environment. Coercion techniques like PetitPotam or Printer Bug do not have a lot of impact on their own. Essentially, they command a machine to connect to another IP address. Although Windows Authentication protocols are flawed, they are not flawed to the extent that this alone can result in the takeover of a system. This is likely why such “vulnerabilities” remain largely unfixed. However, these techniques can be used to exploit other vulnerabilities or misconfigurations. One well-known example is the Active Directory Certificate Service. PetitPotam in combination with a poorly configured Active Directory Certificate Service can allow an attacker to easily take over an entire Windows Domain. Microsoft has now provided guidance on how to configure the environment to prevent falling victim to this attack. Although a patch has been released, the PetitPotam coercion technique is still effective, albeit slightly more challenging to execute. The primary focus of this presentation will be the usage of coercion techniques in combination with lesser-known misconfigurations and how to prevent them. Even if no misconfigured Active Directory Certificate Service exists in an Active Directory, there are still some common misconfigurations that can be exploited using coercion techniques. Fortunately, the countermeasures against these attacks are relatively straightforward and well-known. It is highly probable that they were already suggested in a penetration test report. The intention of this presentation is also to provide additional justification for fixing these issues once and for all. #HACKTIVITY is the biggest event of its kind in Central & Eastern Europe. About 1000 visitors are coming from all around the globe every year to learn more about the latest trends of cybersecurity, get inspired by people with similar interest and develop themselves via comprehensive workshops and training sessions. https://www.hacktivity.com #cybersecurity #zerotrust

#Hacktivity2023 // That’s Just a Tool – Not Good Nor Bad. That Part is Up to YOU

#Hacktivity2023 // How Attackers Find & Exploit Secrets in Source Code

DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini

Cybersecurity Architecture: Networks

Quarkus vs Spring in 2026: What Spring Developers Need to Know

Complete Terraform Course - From BEGINNER to PRO! (Learn Infrastructure as Code)

The World's Most Important Machine

Deep House Mix 2026 | Emotional Night Drive, Vocal House, Nu Disco | Chill Mood

The Most Ridiculous Worker Fails Caught on Camera

Cyber Security Full Course for Beginner

China Is About To Pop The AI Bubble

Something is jamming GPS over Europe. Here's what we found

How to find rootkits in the linux kernel

Instant Focus Mode – 40Hz Gamma Brainwave Music for Deep Focus & Productivity

#Hacktivity2024 // Hacking CS:GO to Death

God Says:"THIS IS AN URGENT MESSAGE FOR YOU TODAY."/God Message Now/God Message

I Hacked This Temu Router. What I Found Should Be Illegal.

Revealing The SPECIAL TECHNIQUE Of A Pakistani Man To EXTRACT GOLD From Used Motherboard Waste

#Hacktivity2023 // AI Security

