Zerologon is a vulnerability in Microsoft’s Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the detail and working of MS-NRPC protocol, its vulnerability, and finally cover how to exploit it, something which the original paper by Secura left out.
You can download it from the following link: https://packetstormsecurity.com/files/download/160823/Understanding_and_Exploiting_Zerologon.pdf
Source: https://packetstormsecurity.com/files/160823/Understanding-And-Exploiting-Zerologon.html