NTDS.dit Dumping via Print Spooler Abuse
Medium
Campaign, LOLBin
Defense Evasion
EDR, Sysmon, Windows


In early 2026, threat actors exploited vulnerabilities in SolarWinds Web Help Desk, including CVE-2025-40551 and CVE-2025-40536, to gain initial access and escalate privileges on vulnerable servers. The attackers then leveraged the Windows print.exe tool to extract sensitive information and exfiltrate it.
