Threat Intel: PetitPotam Certificate Enrollment Web Service on Domain Controller

e1e6e9f0-1825-4f22-ab9a-f1a238843c01

PetitPotam abuses the Encrypting File System (MS-EFSRPC) protocol, which is designed for performing maintenance and management operations on encrypted data that is stored remotely and accessed over a network. An unauthenticated attacker can use PetitPotam to get a targeted server to connect to their server and perform NTLM authentication.

https://www.bleepingcomputer.com/news/microsoft/new-petitpotam-attack-allows-take-over-of-windows-domains/
https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html
https://twitter.com/gentilkiwi/status/1418700887195795456
https://support.microsoft.com/en-gb/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
https://github.com/gentilkiwi/mimikatz/releases

Remediation

Security researchers and Microsoft recommend that the Windows feature "Certificate Enrollment Web Service" be removed from Windows Server Domain Controllers, since it is not needed in most cases and represents a security risk.

https://support.microsoft.com/en-gb/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
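The following PowerShell script is an added example, not part of the original threat intel report or of Microsoft's KB article. It audits every Domain Controller in the domain for the AD CS web-enrollment role services and, only when run with the -Remove switch, uninstalls them. It assumes the standard ServerManager feature names (ADCS-Enroll-Web-Svc for "Certificate Enrollment Web Service", plus the related ADCS-Enroll-Web-Pol and ADCS-Web-Enrollment), the ActiveDirectory and ServerManager modules, and an account with administrative rights on the DCs.

```powershell
# Added example (not from the original report): find Domain Controllers that have
# the AD CS web enrollment role services installed and optionally remove them.
# Assumptions: ActiveDirectory + ServerManager modules are available and the
# caller is an administrator on each DC. Feature names are the ServerManager
# names for "Certificate Enrollment Web Service" and its companions.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remove   # audit only unless -Remove is given; -WhatIf previews removal
)

Import-Module ActiveDirectory
Import-Module ServerManager

$features = @(
    'ADCS-Enroll-Web-Svc',   # Certificate Enrollment Web Service (the one named in KB5005413)
    'ADCS-Enroll-Web-Pol',   # Certificate Enrollment Policy Web Service
    'ADCS-Web-Enrollment'    # Certification Authority Web Enrollment
)

# Enumerate every DC in the current domain by host name.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

foreach ($dc in $dcs) {
    try {
        # Query the remote server's feature state; keep only installed entries.
        $installed = Get-WindowsFeature -ComputerName $dc -Name $features -ErrorAction Stop |
                     Where-Object { $_.Installed }
    }
    catch {
        Write-Warning "$dc : could not query Windows features ($($_.Exception.Message))"
        continue
    }

    if (-not $installed) {
        Write-Output "$dc : no AD CS web enrollment services installed (OK)"
        continue
    }

    foreach ($f in $installed) {
        Write-Output "$dc : $($f.Name) ($($f.DisplayName)) is INSTALLED - should be removed from a DC"
    }

    if ($Remove -and $PSCmdlet.ShouldProcess($dc, "Uninstall $($installed.Name -join ', ')")) {
        # Removal honours -WhatIf/-Confirm through ShouldProcess above.
        Uninstall-WindowsFeature -ComputerName $dc -Name $installed.Name
    }
}
```

Run it without arguments to get an inventory of affected DCs; run it with `-Remove -WhatIf` to preview the uninstall, then `-Remove` to perform it. A reboot may be required after removing the role services.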