Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore advanced Windows denial-of-service attack techniques in this DEF CON 33 conference talk that demonstrates how to exploit RPC vulnerabilities to create devastating DoS and DDoS attacks against Windows systems. Learn about the "Win-DoS Epidemic" methodology that builds upon the LdapNightmare exploit to target domain controllers and create self-propagating attacks. Discover how researchers identified four new Win-DoS vulnerabilities and one Win-DDoS zero-click vulnerability by exploiting security gaps in RPC bindings and LDAP referrals. Understand the process of turning domain controllers into LDAP clients through NetLogon RPC manipulation, enabling attackers to redirect traffic to chosen domains and ports. Master techniques for bypassing standard concurrency limits to overwhelm RPC servers from a single machine, effectively replicating distributed denial-of-service effects without requiring multiple attack sources. Examine methods for creating botnets that harness public domain controllers for amplified DDoS attacks, transforming critical infrastructure into attack vectors. Gain insights into client-side targeting strategies that expose weaker code paths in Windows systems, and learn how these vulnerabilities can crash any Windows endpoint or server, including domain controllers, through zero-click exploitation techniques that require no user interaction or authentication.
