PrintNightmare…from attack to detection via Microsoft Defender for Identity (MDI) and -Endpoint (MDE)

PrintNightmare is a (zero-day) vulnerability (CVE-2021-1675 and CVE-2021-34527) in the print spooler service that can be exploited on domain controllers via DLL injection (remote print driver).

The attack

Microsoft Defender for Identity (MDI)

Chief Technology Officer @ Nedscaper

Derk van der Woude
