A new DFSCoerce Windows NTLM relay attack uses MS-DFSNM to entirely take over a Windows domain. The script used is based on the PetitPotam exploit. For this attack, researchers abused the Microsoft Active Directory Certificate Services, which is exposed to NTLM relay attacks. The best way to stop such attacks is to follow the guidelines suggested in the advisory released by Microsoft.