Blog | G5 Cyber Security

New PetitPotam attack allows take over of Windows domains

A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. The attack does not rely on the MS-RPRN API but instead uses the EfsRpcOpenFileRaw function of the MS-EFSRPC API. The attacker would be granted a Kerberos ticket-granting ticket (TGT) that would allow them to assume the identity of any device on the network.

Source: https://www.bleepingcomputer.com/news/microsoft/new-petitpotam-attack-allows-take-over-of-windows-domains/
