CVE-2025-33073: the SCARIEST VULN of 2025? (NTLM Reflection)
Today, we review the attack discovered by Synacktiv (Wilfried Bécard & Guillaume André) on June 11, 2025: exploiting a local NTLM relay via a DNS record to relay the authentication back to the same machine (NTLM reflection).

🔍 On the agenda:
00:00 - Introduction & Background: Why this vulnerability is scary
00:54 - Review of NTLM, relays, and reflection attacks
01:38 - Review of existing protections and historical patches
02:40 - Accidental discovery of CVE-2025-33073
03:47 - Exploit demonstration (PetitPotam + ntlmrelayx)
06:40 - Why the SYSTEM token is wrongly granted
09:00 - Step-by-step attack scenario
11:05 - Impacts for administrators and real risks
12:35 - Defenses to implement: patches, SMB signing, audits
13:40 - Microsoft's reaction and June 2025 patch
15:10 - Conclusion & tips for staying protected

Video on Pass The Hash: HACKER sans MOT DE PASSE : L’attaque PASS ...
Video on NTLM Relay: PIRATER une entreprise en 15 MIN : LLMNR S...

=[ Socials ]=
→ Discord: / discord
→ My X: / fransosiche

=[ Sources ]=
→ https://www.synacktiv.com/en/publicat...
→ https://www.tiraniddo.dev/

#cybersecurity #security #getstarted #hacking #hacker #tutorial #FR #french #training #defensive #SOC #CVE2025 #NTLMReflection #CyberSecurity #SMBSigning #Kerberos #MicrosoftPatch #Synacktiv #ActiveDirectory #Pentest #NetworkSecurity

