Pentera Labs Research Series: The Short Path from DHCP Spoofing to EternalBlue

DHCP may be famous as an essential Windows networking protocol, but it is also infamous, or at least it should be, for falling victim to cyber attacks that lead adversaries to dangerous achievements. For a recap of common DHCP spoofing techniques and how to test your vulnerability to them, see part 1 in this blog series: DHCP Spoofing 101.

On-premises poisoning techniques continue to be among the leading mid-stage attacks that adversaries use to collect data, enable lateral movement, and perform privilege escalation after gaining an initial foothold in the network. In this post, we'll explain some lesser-known methods for abusing DHCP in conjunction with NetBIOS settings that can open the door to extreme exploits, including EternalBlue attacks.

Not only NTLM – the risk of enabling NetBIOS using DHCP 

You probably already know that attackers can attach malicious configuration data to DHCP responses. Typically, this means attackers will aim to set themselves as the DNS server and Default Gateway for their victims.
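
A defender-side check for the settings named above, as an added example that is not from the original post: it parses the options field of a DHCP OFFER/ACK and flags a server identifier (option 54), router (option 3) or DNS server (option 6) outside an allowlist, plus any NetBIOS options (44/46). The allowlist addresses, the sample option fields and the "no NetBIOS settings via DHCP" policy are assumptions.

```python
import ipaddress

# Assumed site policy (constructed values): the legitimate DHCP server,
# gateway and DNS resolvers for one segment.
POLICY = {"servers": {"10.0.0.2"}, "routers": {"10.0.0.1"},
          "dns": {"10.0.0.2", "10.0.0.3"}}
# RFC 2132 option codes.
PAD, ROUTER, DNS, NBNS, NB_NODE_TYPE, SERVER_ID, END = 0, 3, 6, 44, 46, 54, 255

def parse_options(raw: bytes) -> dict:
    """Parse the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != END:
        if raw[i] == PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"truncated option {raw[i]}")
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def ip_list(value: bytes) -> list:
    """Split an option value into dotted-quad IPv4 addresses."""
    return [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, len(value), 4)]

def audit_reply(raw: bytes, policy: dict = POLICY) -> list:
    """Return findings for a DHCP OFFER/ACK options field that departs from policy."""
    opts, findings = parse_options(raw), []
    for code, key, label in ((SERVER_ID, "servers", "DHCP server"),
                             (ROUTER, "routers", "default gateway"),
                             (DNS, "dns", "DNS server")):
        for ip in ip_list(opts.get(code, b"")):
            if ip not in policy[key]:
                findings.append(f"unexpected {label}: {ip}")
    if NBNS in opts or NB_NODE_TYPE in opts:  # assumed policy: no NetBIOS via DHCP
        findings.append("reply sets NetBIOS options (44/46)")
    return findings

def opt(code: int, value: bytes) -> bytes:
    """Encode one option (helper for building the constructed samples)."""
    return bytes([code, len(value)]) + value

# Constructed sample option fields (option 53 value 5 = DHCPACK).
GOOD_ACK = (opt(53, b"\x05") + opt(SERVER_ID, bytes([10, 0, 0, 2])) + opt(ROUTER, bytes([10, 0, 0, 1]))
            + opt(DNS, bytes([10, 0, 0, 2, 10, 0, 0, 3])) + bytes([END]))
ROGUE_ACK = (opt(53, b"\x05") + b"".join(opt(c, bytes([10, 0, 0, 66])) for c in (SERVER_ID, ROUTER, DNS))
             + opt(NB_NODE_TYPE, b"\x01") + bytes([END]))
```

Calling `audit_reply(ROGUE_ACK)` returns one finding per setting that departs from the allowlist; `audit_reply(GOOD_ACK)` returns an empty list.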