PrintNightmare: from attack to detection via Microsoft Defender for Identity (MDI) and Microsoft Defender for Endpoint (MDE)

PrintNightmare is a (zero-day) vulnerability (CVE-2021-1675 and CVE-2021-34527) in the print spooler service that can be exploited on domain controllers via DLL injection (remote print driver).

The attack

Microsoft Defender for Identity (MDI)


Chief Technology Officer @ Nedscaper

Derk van der Woude
