- 2 min read

What is the Microsoft AD noPac Exploit?

The noPac Microsoft Active Directory exploit is a security vulnerability that was discovered in 2021 and affects Microsoft Active Directory (AD) systems. It allows attackers to bypass the "Protected Users" security group in AD, which is a security feature that is designed to protect against certain types of attacks.

To understand the noPac exploit, it's helpful to first understand how the "Protected Users" security group works. When a user is added to the "Protected Users" security group, their account is given additional security protections.

These protections include:

No Kerberos delegation: Users in the "Protected Users" security group are not allowed to delegate their Kerberos tickets, which means that they cannot be used to authenticate to other systems on the network.
No NTLM authentication: Users in the "Protected Users" security group are not allowed to use NTLM authentication, which is a legacy authentication protocol that is susceptible to certain types of attacks.
No LM or NTLM password hashes: Users in the "Protected Users" security group do not have their LM or NTLM password hashes stored, which means that they cannot be used in certain types of attacks.
No offline password cracking: Users in the "Protected Users" security group do not have their password hashes stored in the AD database, which means that they cannot be cracked offline.

The noPac exploit allows attackers to bypass these protections by exploiting a weakness in the way that the "Protected Users" security group is implemented. Specifically, the exploit allows attackers to gain access to the LM and NTLM password hashes of users in the "Protected Users" security group. This is a significant vulnerability because it allows attackers to potentially gain access to sensitive systems and data on the network.

There are several ways that attackers can exploit the noPac vulnerability. One common method is through the use of "pass-the-hash" attacks, which involve using a stolen password hash to authenticate to a system or network.

Other methods include using the stolen password hashes in offline cracking attacks, or using them to gain access to other systems on the network through Kerberos delegation.

To protect against the noPac exploit, it's important to ensure that the latest security updates are applied to all systems, including AD servers. It's also a good idea to regularly review and update the membership of the "Protected Users" security group, as well as to implement other security measures, such as multi-factor authentication and strong password policies.

Learn more about our mission, vision and values.

Find the right department and get assistance.

Join our high-growth security team and do work that matters as you pursue your passion, enhance your skills, and create the dynamic career you deserve.

Review the website terms and conditions.

Review the website privacy policy.

Learn more about how we do business.

Build and advance your security program with a world class team of advisors, architects, and engineers.

Protect your organization from all angles with our proprietary multidimensional mode to risk management.

Design and develop policies and procedures based on industry and regulatory best practices.

Evaluate security readiness and test incident response plans to prepare for tomorrow's attacks today.

Evaluate cloud risks with posture management solutions designed to secure your cloud journey.

Build a security awareness and education program to train your users on security best practices.

Test devices, networks, and applications to identify security gaps and measure risk.

Go beyond vulnerability identification to demonstrate a proof of exploitation for security vulnerabilities and measure resilience to cyber risks.

Simulate real-world cyber attacks with a capture the flag approach designed to stress test security operations.

Benefit from a team of experienced security practitioners that will deploy, configure, and optimize security tools.

Design tightly integrated security solutions that meet your unique business and technical requirements.

Access a team of world-class experts to quickly investigate and respond to active security incidents.

Human-led security services delivered from an ISO 27001 certified SOC, the gold standard for security operations.

Consolidate security analytics and benefit from around the clock monitoring and alerting of cyber threats.

Gain enhanced endpoint visibility and threat detection capabilities that are fully optimized and managed.

Find, prioritize and fix vulnerabilities around the clock with specialized services designed to reduce cyber risk.

Benefit from a systematic approach to managing user identities, authentication, and authorization.

Streamline compliance and align your busines with industry and regulatory requirements with a fully managed service.

Learn more about the American Cyber Partner Program and the benefits of becoming a partner.

Login to the partner portal and submit a deal registration.

Hospitals, clinics and integrated delivery networks.

Credit unions, banks, private equity and more.

Military, law enforcement and national security.

Law firms, advocacy firms, lobbyists and more.

Food, industrial, auto, medical and more.

Internet, cloud, software, telecom and more.

Check out our posts for research-driven articles, industry trends, vendor reviews and more.

What is the Microsoft AD noPac Exploit?

Related Posts

Enter our mailing list for a chance to win free swag each month and access our threat newsletter.