Almost a year has passed since the “PetitPotam” attack vector was initially discovered. Shortly after, Microsoft Defender for Identity provideddetection capabilitiesfor this vulnerability. Earlier this month, a new attack vector that was inspired by PetitPotam waspublished by Filip Dragovic. The attack, which was later dubbed “DFSCoerce” can exploit the DFS-NM protocol to coerce the Domain Controller to authenticate against an NTLM Relay attack. This has the potential to allow a non-privileged user in the domain to become a domain admin.