Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis announces strategic partnership with Microsoft to acclerate the secure adoption of Copilot.

Learn more

Threat Update 53 – ProxyShell and PetitPotam and Ransomware… Oh My!

1 min read
Last updated January 17, 2023

Technology grows, evolves, and changes over time, but most organizations often need to support legacy systems. In the Microsoft world, this typically means keeping legacy authentication protocols like NTLM authentication around despite their known shortcomings. The new PetitPotam attack exploits some of these legacy protocols to take over Windows domains.

Join Kilian and Kyle Roth from the Varonis Incident Response team as they discuss the background of the PetitPotam attack, how attackers and ransomware operators are weaponizing it, and tips to help defend against it.

Articles referenced in this episode:

New PetitPotam attack allows take over of Windows domains 

LockFile ransomware uses PetitPotam attack to hijack Windows domains

https://github.com/topotam/PetitPotam

👉To learn how else we can help, please visit us at:  https://www.varonis.com/help/

 

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Try Varonis free.
Get a detailed data risk report based on your company’s data.
Deploys in minutes.
Keep reading
threat-update-56-–-sso-imposter:-targeting-box
Threat Update 56 – SSO Imposter: Targeting Box
In the final part of the series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team walk through how attackers could target Box. They investigate how an attacker…
threat-update-55-–-sso-imposter:-targeting-google
Threat Update 55 – SSO Imposter: Targeting Google
In part two of this three-part series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team investigate how an attacker who compromised a single sign-on admin account can…
threat-update-54-–-sso-imposter:-intrusion
Threat Update 54 – SSO Imposter: Intrusion
Virtually every organization leveraging more than a few cloud offerings has a single sign-on solution to simplify the management of their various cloud apps. With a little careful planning, attackers…
threat-update-53-–-proxyshell-and-petitpotam-and-ransomware…-oh-my!
Threat Update 53 – ProxyShell and PetitPotam and Ransomware… Oh My!
Technology grows, evolves, and changes over time, but most organizations often need to support legacy systems. In the Microsoft world, this typically means keeping legacy authentication protocols like NTLM authentication…