CypherCon 2022

Print Spooler & Petite Potam to Silver Tickets – Live Demo

Dustin Heywood


Have you ever wanted to know how the MS-RPRN Print Spooler service can lead to local admin? Do you know what Microsoft EFS is? This will be a live demo of coerced authentication resulting in a silver ticket which can be used to get domain admin. This demo will show how both Print Spooler and Petite Potam can be abused in modern environments, and why NTLMv1 guarantees compromise. Cracking with Hashcat, and will be covered, as well as NTLMv2 relay without MIC protections.

Dustin Heywood

Likes MUD

EvilMog is a Senior Managing Consultant for X-Force Red, the Bishop of the Church of Wifi, Member of Team Hashcat, and he has a collection of Uber Badges to multiple security conferences.