Under Review

Query for PetitPotam Conditions

This query checks whether your environment meets the conditions that leave it exposed to the recent "PetitPotam" vulnerability, as described here: https://nakedsecurity.sophos.com/2021/07/26/windows-petitpotam-network-attack-how-to-protect-against-it/

This will only return a result if your environment meets the requirements.

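-- NTLM restriction state from the Netlogon parameters (7 = deny all)
WITH regKey AS (
    SELECT
        CASE
            WHEN data = '7' THEN 'NTLM is disabled'
            ELSE 'NTLM is enabled - Consider Microsoft mitigation steps'
        END AS NTLM_Status
    FROM registry
    WHERE path = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\restrictntlmindomain'
),

-- AD CS enrollment features; each LIKE needs its own "caption" operand,
-- otherwise the second string is evaluated as a constant (false)
AD_CS AS (
    SELECT name
    FROM windows_optional_features
    WHERE caption LIKE 'Certificate Services Enrollment Server'
       OR caption LIKE 'Web Enrollment Services'
)

-- Rows are returned only when both the feature and the registry value exist
SELECT name, NTLM_Status
FROM AD_CS
JOIN regKey;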
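
A variant of the query above, added here as an example and not part of the original post: it also returns a row when the restrictntlmindomain value does not exist (in which case NTLM is not restricted) and only counts features that are enabled. The `state = 1` filter assumes that osquery's `windows_optional_features.state` uses 1 for an enabled feature; the CTE names are illustrative.

```sql
-- Added example: AD CS enrollment features joined to the NTLM restriction
-- state, without dropping hosts where the registry value is absent.
WITH ad_cs AS (
    SELECT name, caption
    FROM windows_optional_features
    WHERE (caption LIKE 'Certificate Services Enrollment Server'
           OR caption LIKE 'Web Enrollment Services')
      AND state = 1   -- assumption: 1 = enabled in osquery's schema
),
ntlm AS (
    SELECT data
    FROM registry
    WHERE path = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\restrictntlmindomain'
)
SELECT
    ad_cs.name,
    ad_cs.caption,
    CASE
        WHEN ntlm.data = '7' THEN 'NTLM is disabled'
        -- No registry row: the restriction was never configured
        WHEN ntlm.data IS NULL THEN 'NTLM is enabled (restrictntlmindomain not set) - Consider Microsoft mitigation steps'
        ELSE 'NTLM is enabled - Consider Microsoft mitigation steps'
    END AS NTLM_Status
FROM ad_cs
-- LEFT JOIN keeps the feature rows even when the ntlm CTE is empty
LEFT JOIN ntlm ON 1 = 1;
```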

You should enable Extended Protection for Authentication if you must use NTLM.