
Win-DDoS: Domain Controllers Exploited for DDoS Attacks via RPC, LDAP

📰 1 unique sources, 1 articles

Summary


A new attack technique, Win-DDoS, exploits public domain controllers (DCs) to create a botnet for distributed denial-of-service (DDoS) attacks. The technique leverages the RPC and LDAP protocols to overwhelm victim servers. It does not require code execution or credentials, making it difficult to trace. The attacker sends RPC calls to DCs, which then send LDAP queries to the attacker's server. That server responds with referral URLs that direct the DCs to send LDAP packets to a target IP and port, creating a DDoS effect. The technique was presented at DEF CON 33 by SafeBreach researchers Or Yair and Shahak Morag. It highlights significant flaws in the Windows LDAP client code and the potential for high-bandwidth DDoS attacks without needing dedicated infrastructure.

Timeline

  1. 10.08.2025 22:30 📰 1 articles

    Win-DDoS Technique Exploits Domain Controllers for DDoS Attacks

    A new attack technique, Win-DDoS, exploits public domain controllers (DCs) to create a botnet for distributed denial-of-service (DDoS) attacks. The technique leverages RPC and LDAP protocols to manipulate DCs into sending LDAP packets to a target IP and port, creating a high-bandwidth DDoS effect. The attack does not require code execution or credentials, making it stealthy and difficult to trace. The technique was presented at DEF CON 33 by SafeBreach researchers Or Yair and Shahak Morag. It highlights significant flaws in the Windows LDAP client code and the potential for high-bandwidth DDoS attacks without needing dedicated infrastructure.


Information Snippets