Win-DDoS: Domain Controllers Exploited for DDoS Attacks via RPC, LDAP
Summary
A new attack technique, Win-DDoS, exploits public domain controllers (DCs) to create a botnet for distributed denial-of-service (DDoS) attacks. The technique leverages RPC and LDAP protocols to overwhelm victim servers. The attack does not require code execution or credentials, making it difficult to trace. The attack works by sending RPC calls to DCs, which then send LDAP queries to the attacker's server. The server responds with referral URLs that direct the DCs to send LDAP packets to a target IP and port, creating a DDoS effect. The technique was presented at DEF CON 33 by SafeBreach researchers Or Yair and Shahak Morag. It highlights significant flaws in the Windows LDAP client code and the potential for high-bandwidth DDoS attacks without needing dedicated infrastructure.
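A defender-side check for the flow described above, as an added example that is not from the original article or from SafeBreach: it scans flow records for domain controllers that open LDAP connections to addresses outside the internal ranges, and for bursts from one DC to a single external IP and port. The DC addresses, internal ranges, thresholds and log format are assumptions, and the sample log is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this example: internal ranges, DC addresses, thresholds.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}
LDAP_PORT = 389  # standard LDAP port
BURST_COUNT, BURST_WINDOW = 5, timedelta(seconds=10)

# Constructed sample flow log: timestamp,src,dst,dst_port
SAMPLE = """\
2025-08-10T22:30:00,10.0.0.10,10.0.0.11,389
2025-08-10T22:30:01,10.0.0.10,203.0.113.5,389
2025-08-10T22:30:02,10.0.0.10,198.51.100.7,8080
2025-08-10T22:30:02,10.0.0.10,198.51.100.7,8080
2025-08-10T22:30:03,10.0.0.10,198.51.100.7,8080
2025-08-10T22:30:03,10.0.0.10,198.51.100.7,8080
2025-08-10T22:30:04,10.0.0.10,198.51.100.7,8080
2025-08-10T22:30:05,10.0.0.11,198.51.100.7,8080
2025-08-10T22:30:06,10.0.0.50,203.0.113.5,389
"""

def is_external(addr):
    """True when addr is outside every configured internal range."""
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL)

def analyze(log_text):
    """Return (external_ldap, bursts) for flows that originate from a DC."""
    external_ldap, bursts, seen = set(), set(), defaultdict(list)
    for ts, src, dst, port in csv.reader(io.StringIO(log_text)):
        if src not in DOMAIN_CONTROLLERS or not is_external(dst):
            continue  # only DC-to-external traffic is of interest
        when, port = datetime.fromisoformat(ts), int(port)
        if port == LDAP_PORT:
            external_ldap.add((src, dst))  # DC querying an outside LDAP server
        times = seen[(src, dst, port)]
        times.append(when)
        while when - times[0] > BURST_WINDOW:  # slide the time window
            times.pop(0)
        if len(times) >= BURST_COUNT:
            bursts.add((src, dst, port))  # repeated hits on one IP and port
    return external_ldap, bursts
```

A DC that appears in both result sets within a short interval matches the pattern in the summary: an outbound LDAP query followed by repeated connections to a single target.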
Timeline
- 10.08.2025 22:30, 1 article
Win-DDoS Technique Exploits Domain Controllers for DDoS Attacks
A new attack technique, Win-DDoS, exploits public domain controllers (DCs) to create a botnet for distributed denial-of-service (DDoS) attacks. The technique leverages RPC and LDAP protocols to manipulate DCs into sending LDAP packets to a target IP and port, creating a high-bandwidth DDoS effect. The attack does not require code execution or credentials, making it stealthy and difficult to trace. The technique was presented at DEF CON 33 by SafeBreach researchers Or Yair and Shahak Morag. It highlights significant flaws in the Windows LDAP client code and the potential for high-bandwidth DDoS attacks without needing dedicated infrastructure.
Sources:
- New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP (thehackernews.com, 10.08.2025 22:30)
Information Snippets
First reported: 10.08.2025 22:30, 1 source, 1 article, for every snippet below. Source: New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP (thehackernews.com, 10.08.2025 22:30)
- Win-DDoS exploits domain controllers (DCs) to create a DDoS botnet.
- The attack leverages RPC and LDAP protocols to manipulate DCs into sending LDAP packets to a target IP and port.
- The technique does not require code execution or credentials, making it stealthy and difficult to trace.
- The attack was presented at DEF CON 33 by SafeBreach researchers Or Yair and Shahak Morag.
- The attack highlights significant flaws in the Windows LDAP client code.
- The technique can create high-bandwidth DDoS attacks without needing dedicated infrastructure.
- The attack flow involves sending RPC calls to DCs, which then send LDAP queries to the attacker's server.
- The attacker's server responds with referral URLs that direct the DCs to send LDAP packets to a target IP and port.
- The technique can trigger an LSASS crash, reboot, or blue screen of death (BSoD) by sending lengthy referral lists to DCs.
- The attack can be used to exploit domain controllers for DDoS attacks without the need for authentication.