An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278
ID: fa438f8e-a6e9-5c75-96af-cb8647d1c7af
STIX ID: report--fa438f8e-a6e9-5c75-96af-cb8647d1c7af
Feed Name: TrustedSec blog
## Executive Summary

This technical blog documents the weaponization of CVE-2021-42287 and CVE-2021-42278 against Active Directory, detailing an attack path that creates and renames machine accounts to impersonate domain controllers and request Kerberos TGTs (using tools like PowerMad/Impacket and Rubeus). It focuses on detection engineering by mapping the attack lifecycle to Windows Security Event telemetry and providing Splunk SPL queries for proactive and reactive detection on domain controllers.
