Pwnie Awards 2020: Tom Tervoort wins Best Cryptographic Attack for Zerologon



On December 9th, 2020, our security expert Tom Tervoort won the Pwnie Award 2020 for Best Cryptographic Attack for the Zerologon vulnerability.

The Pwnie Awards are given out once a year during the virtual Black Hat 2020 conference and celebrate the achievements of security researchers and the security community.

The award for Best Cryptographic Attack is awarded to the researcher who discovered the most impactful cryptographic attack against real-world systems. A Pwnie Cryptography Award should represent a meaningful break in a system actually deployed. The attack can require a math Ph.D to understand its workings, but not to understand its impact, and it can’t require a data center in Utah to exploit.


Zerologon

The Zerologon vulnerability (CVE-2020-1472) arises from an all-zero IV in the AES-CFB8 implementation used by Microsoft’s Netlogon authentication protocol, which allows an attacker to easily spoof credentials. An attacker can use this attack to change any Active Directory password and become Domain Admin.

For more background information about Zerologon, read our blog or our white paper.

White papers

Zerologon CVE-2020-1472 Whitepaper

Technical details behind Zerologon CVE-2020-1472.

Download white paper