Post by Semperis

40,562 followers

It started with a simple question about LDAP filters. It ended with the discovery of two new vulnerabilities that can take down a domain and give a low-privileged attacker a path to your entire enterprise. If you're an Active Directory admin, blue teamer, or identity architect, check out Shai Laron at Black Hat and get this session on your schedule: ๐Ÿ‘€ Identity Crisis: Novel Vulnerabilities Leading to Kerberos Downgrade, DoS, and Full Domain Takeover ๐Ÿ“… Wednesday, August 5 | 3:35pm-4:15pm ( Oceanside C ) What he's unveiling: ๐Ÿ”ด KerberLoss (CVE-2026-25177): bypasses a forest-wide security mechanism to trigger denial of service and force authentication to downgrade from Kerberos to NTLM. ๐Ÿ”ด ResetNightmare (CVE-2026-27912): a logical flaw in Kerberos that lets a low-privileged user compromise any account in the domain, including Domain Admins. Common prerequisite. Full domain takeover. And yes, the tool that automates the full attack flow is dropping with the session. โœจBonus: Shai will also be at DEF CON.

Post content