Which exploit CVE-2020-1472 allows impersonation of domain controllers?

Zerologon targets the Netlogon authentication process to impersonate a domain controller. It exploits a flaw in the Netlogon Remote Protocol that allows an attacker to establish a secure channel with a domain controller using an all-zero cryptographic value. By repeatedly initiating a Netlogon session with this zero-valued material, the attacker can make the domain controller accept authentication as if it were the DC itself. Once this secure channel is forged, the attacker effectively impersonates the domain controller, gaining privileged access and the ability to take control of domain operations. Other options don’t leverage this Netlogon weakness to impersonate a DC; for example, DCSync involves harvesting credentials from a DC rather than forging a DC session, and the remaining items relate to different security protections or features.