A comprehensive framework implementing the "Win-DoS Epidemic" research, which discovered 5 critical vulnerabilities affecting Windows systems through novel attack techniques.
Created by SafeBreach Labs (Joint work of Or Yair and Shahak Morag). For the full technical analysis check out the blog post
This framework implements research that discovered 5 critical vulnerabilities affecting Windows systems:
- LDAP Referral DoS (CVE-2025-32724) - Memory exhaustion via massive LDAP referral lists affecting Domain Controllers
- NetLogon RPC DoS #1 (CVE-2025-26673) - Memory exhaustion in
NetrServerReqChallengefunction affecting Domain Controllers - NetLogon RPC DoS #2 (CVE-2025-49716) - Memory exhaustion in
DsrAddressToSiteNamesWfunction affecting Domain Controllers - Spoolsv RPC DoS (CVE-2025-49722) - Memory exhaustion in
RpcEnumPrintersfunction affecting all Windows endpoints
- LDAP Referral DDoS (CVE-2025-32724) - Leveraging Domain Controllers as DDoS botnet participants without authentication
-
Clone the repository:
git clone <repository-url> cd Win-DoS
-
Install dependencies for specific modules:
- For LDAP attacks:
cd ldap_attacks && pip install -r requirements.txt - For RPC attacks:
cd rpc_attacks && pip install -r requirements.txt
- For LDAP attacks:
Implements the LDAP referral attacks we discovered. Features:
- DoS Mode: Memory exhaustion via massive LDAP referral lists (500,000+ URLs)
- DDoS Mode: Leveraging Domain Controllers as botnet participants
Implements the RPC memory exhaustion attacks we discovered. Features:
- TorpeDoS technique: Pre-bind thousands of clients without waiting for bind acks, pre-sign packets if needed, and flood victims with many RPC calls at once
| Or Yair | Shahak Morag | |
|---|---|---|
| Or Yair | Shahak Morag | |
| @oryair1999 | @shahakmo |