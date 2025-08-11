
Robust DDoS botnet likely with chained Windows flaws
Tens of thousands of internet-exposed domain controllers could be drawn into a powerful distributed denial-of-service botnet through the new Win-DDoS attack technique, which chains several already-patched vulnerabilities in Windows Lightweight Directory Access Protocol, Windows Local Security Authority Subsystem Service, Windows Netlogon, and Windows Print Spooler, according to The Hacker News.
A Win-DDoS attack begins with an RPC call that coerces a DC into acting as a CLDAP client, reported SafeBreach researchers in a study presented at the DEF CON 33 security conference. The DC then sends CLDAP requests to an attacker-controlled server, the exchange is carried over into LDAP over TCP, and the TCP connection is eventually closed. Because the DCs themselves do the sending, a threat actor could harness public DCs worldwide, without first compromising them, to direct LDAP packets at the IPs and ports of their choice. "Our findings break common assumptions in enterprise threat modeling: that DoS risks only apply to public services, and that internal systems are safe from abuse unless fully compromised. The implications for enterprise resilience, risk modeling, and defense strategies are significant," the researchers said.
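The observable side effect of the flow described above is a domain controller behaving as an LDAP/CLDAP client toward hosts outside the enterprise, which a DC normally has no reason to do. The following is an added detection example, not code from the SafeBreach research or from the article: it runs over a few constructed flow-log lines and flags DC-originated connections to external addresses, treating LDAP ports as high severity and any other external destination as worth review, since the technique can aim at arbitrary ports. The log format, DC addresses and internal ranges are assumptions for illustration.

```python
"""
Added example (hypothetical log format and addresses): hunt for domain
controllers initiating connections to external hosts, the behaviour a
Win-DDoS-style coercion produces. Not part of the article or the research.
"""
import ipaddress
from collections import Counter

# Assumed inventory: our DCs and the address space we consider internal
# (trusted-forest DC ranges would also belong here to avoid false positives).
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]
LDAP_PORTS = {389, 636, 3268, 3269}  # LDAP, LDAPS, Global Catalog, GC over TLS

# Constructed sample flow records in a simplified key=value format (assumption).
SAMPLE_LOGS = """\
ts=2025-08-11T10:00:01Z src=10.0.0.10 dst=10.0.0.55 dport=389 proto=tcp
ts=2025-08-11T10:00:02Z src=10.0.0.10 dst=203.0.113.7 dport=389 proto=udp
ts=2025-08-11T10:00:03Z src=10.0.0.10 dst=198.51.100.9 dport=389 proto=tcp
ts=2025-08-11T10:00:03Z src=10.0.0.10 dst=198.51.100.9 dport=389 proto=tcp
ts=2025-08-11T10:00:04Z src=10.0.0.11 dst=198.51.100.9 dport=8080 proto=tcp
ts=2025-08-11T10:00:05Z src=10.0.0.20 dst=198.51.100.9 dport=389 proto=tcp
"""


def parse_line(line):
    """Turn one 'key=value key=value' record into a flow dict."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return {
        "ts": fields["ts"],
        "src": fields["src"],
        "dst": fields["dst"],
        "dport": int(fields["dport"]),
        "proto": fields["proto"],
    }


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(flow):
    """Return a severity for DC-originated external flows, else None."""
    if flow["src"] not in DOMAIN_CONTROLLERS or is_internal(flow["dst"]):
        return None
    if flow["dport"] in LDAP_PORTS:
        # A DC acting as an LDAP/CLDAP client toward an external host.
        return "high"
    # The coerced DC can be pointed at any port; surface these for review.
    return "review"


def find_suspect_flows(log_text):
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_line(line)
        severity = classify(flow)
        if severity:
            findings.append({**flow, "severity": severity})
    return findings


def top_destinations(findings):
    """Rank external (dst, port) pairs hit on LDAP ports: likely victims or relays."""
    return Counter(
        (f["dst"], f["dport"]) for f in findings if f["severity"] == "high"
    ).most_common()


if __name__ == "__main__":
    hits = find_suspect_flows(SAMPLE_LOGS)
    for h in hits:
        print(f'{h["severity"]:6} {h["ts"]} {h["src"]} -> {h["dst"]}:{h["dport"]}/{h["proto"]}')
    print("top LDAP destinations:", top_destinations(hits))
```

On the sample input the DC-to-DC flow inside 10.0.0.0/8 and the non-DC source are ignored, the three DC-originated LDAP flows to external hosts are flagged high, and the DC-originated flow to port 8080 is queued for review. In a real environment the internal ranges must include every trusted forest's DCs, since cross-forest LDAP from a DC is legitimate, and the high-severity bucket should be checked against the repeated-destination ranking, because the same external target appearing from many DCs is the DDoS pattern the researchers describe.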
