by mbaye on 3/30/20, 7:58 AM with 4 comments
by ipython on 3/30/20, 12:21 PM
I'm confused about the ntlm hashes - so it sounds like there is some service that contacts the auto-generated guid domain and sends legit SMB traffic to it? That seems really odd? I'd be curious to hear more about that.
by maallooc on 3/30/20, 11:52 AM
Wow. That’s textbook bad engineering. Could’ve done guid.nonexistanttld but they just had to do guid.com!