ZEROLOGON Vulnerability

ZeroLogon is a vulnerability which exists within the Netlogon protocol.

What is Netlogon?

Netlogon is an authentication mechanism used in the Windows Client Authentication Architecture. The service verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

For more info visit

This vulnerability is exploitable due to a flaw in the implementation of AES-CFB8 encryption, which the Netlogon protocol uses.

Sending a string of zeros to Netlogon triggers the vulnerability. By doing so, the attacker can escalate privileges and gain admin privileges.

This can provide the attacker with:

- Access to the entire domain
- Further exploitation
- Network disruption
- Data exfiltration
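Why the string of zeros described above gets through, as an added example (not code from this post or from Secura's tester script): Netlogon's use of AES-CFB8 fixes the IV at 16 zero bytes, so for roughly 1 key in 256 an all-zero input encrypts to an all-zero output. As an assumption to keep it runnable with the standard library, a truncated SHA-256 stands in for AES (CFB8 only ever uses the cipher's encrypt direction); all function names are hypothetical.

```python
import hashlib

BLOCK = 16  # AES block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in keyed function (truncated SHA-256), NOT AES: an assumption.

    CFB8 never decrypts with the block cipher, so any keyed pseudorandom
    function reproduces the behaviour of the mode itself.
    """
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: one byte at a time through a 16-byte shift register."""
    register = iv
    out = bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, register)[0]  # first keystream byte only
        out.append(c)
        register = register[1:] + bytes([c])     # shift in the ciphertext byte
    return bytes(out)


def zero_output_rate(trials: int, zero_iv: bool) -> float:
    """Fraction of keys for which 8 zero bytes encrypt to 8 zero bytes."""
    hits = 0
    for i in range(trials):
        # Constructed, deterministic sample keys so the result is repeatable.
        key = hashlib.sha256(b"constructed" + i.to_bytes(4, "big")).digest()[:16]
        # Weak setting: fixed all-zero IV. Corrected setting: an IV that varies.
        iv = bytes(BLOCK) if zero_iv else hashlib.sha256(b"iv" + key).digest()[:BLOCK]
        if cfb8_encrypt(key, iv, bytes(8)) == bytes(8):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("fixed zero IV:", zero_output_rate(20000, zero_iv=True))   # about 1/256
    print("varying IV   :", zero_output_rate(20000, zero_iv=False))  # effectively 0
```

With the zero IV, a key whose first keystream byte is zero leaves the shift register all zeros, so every following byte repeats the same result regardless of message length.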

In August 2020, Microsoft released a security update for this vulnerability, which you can find here

You can use the ZeroLogon Tester Script to test your network for this vulnerability.

You can find the script here:

Secura has also released a whitepaper which you can find here

Hope this post was informational.

Until the next post, stay tuned.


© 2020 by Bluefire Redteam LLP