
Medium
Campaign, LOLBin
Defense Evasion
EDR, Sysmon, Windows
NTDS.dit Dumping via Print Spooler Abuse
In early 2026, threat actors exploited vulnerabilities in SolarWinds Web Help Desk, including CVE-2025-40551 and CVE-2025-40536, to gain initial access and escalate privileges on vulnerable servers. The attackers then leveraged the Windows print.exe tool to extract sensitive information and exfiltrate it.



