Info

petitPotem_relay_web.pcap - Captured on a Kali machine against a Server 2016 DC CS.

Win10_Kali_DC_PetitPotem_Combined.pcap - Captured on both a Kali machine and Windows 10 host against a Server 2016 DC CS. Merged the two pcaps together with mergecap.

Links

https://github.com/topotam/PetitPotam

https://www.bussink.net/ad-cs-exploit-via-petitpotam-from-0-to-domain-domain/

https://blog.truesec.com/2021/07/25/mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-adv210003-kb5005413-petitpotam/