NTLM Archives

FBI Warns: Ubiquiti EdgeRouter is STILL Not Secure

GRU APT28 is back again: Fancy Bear still hacking ubiquitous gear, despite patch availability ...

Security Boulevard

How to Use The MixMode Platform to Discover NTLM Authentication and Validate Windows SMB Signing Requirements

Josh Snow | June 13, 2023 | AI Cybersecurity, Blog, NTLM, smb1, Third Wave AI, Vulnerabilities

NTLM (New Technology Land Manager) has been a protocol used for over 20 years, but it suffers from weak cryptography and vulnerabilities like NTLM relay attacks. In this video, we explore the ...

MixMode

Automating the Discovery of NTLM Authentication Endpoints

emmaline | November 29, 2022 | Authentication, Automation, Chariot, corporate security, Labs, NTLM, Tools & Techniques

Recently, I have been working on adding support for automated enumeration and discovery of NTLM authentication endpoints to Chariot, our external attack surface and continuous automated red teaming product scanning pipeline. Our ...

Blog - Praetorian

NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack

emmaline | August 30, 2022 | Active Directory, adfs, corporate security, DFSCoerce, NTLM, Red Team, relaying attacks, Tools & Techniques

Overview During the summer, my colleague Derya Yavuz and I published an article on some of the different methods we’ve leveraged to elevate privileges within Active Directory environments. We discussed authentication coercion ...

Blog - Praetorian

How to Detect DFSCoerce

emmaline | June 23, 2022 | adfs, corporate security, DFSCoerce, NTLM, relaying attacks, Vulnerability Research

Background On 18 June 2022, security researcher Filip Dragovic published proof-of-concept code for a new forced authentication technique named DFSCoerce. This technique, inspired by other forced authentication techniques like PetitPotam and SpoolSample, ...

Blog - Praetorian

Coercing NTLM Authentication from SCCM

Chris Thompson | April 13, 2022 | NTLM, Penetration Testing, pentesting, Red Team, SCCM

tl;dr: Disable NTLM for Client Push InstallationWhen SCCM automatic site assignment and automatic client push installation are enabled, and PKI certificates aren’t required for client authentication, it’s possible to coerce NTLM authentication ...

Posts By SpecterOps Team Members - Medium

NetworkMiner 2.6 Released

Erik Hjelmvik | September 23, 2020 | email, Fritzbox, FTP, GRE, http, HTTP/2, IMAP, John, John-the-Ripper, json, JtR, LANMAN, Linux, Mono, NetworkMiner, NTLM, pcap, POP3, RFC1890, RFC3428, RFC3551, RFC7637, SIP, smtp, tor, VoIP

We are happy to announce the release of NetworkMiner 2.6 today! The network forensic tool is now even better at extracting emails, password hashes, FTP transfers and artifacts from HTTP and HTTP/2 ...

NETRESEC Network Security Blog

NetworkMiner 2.6 Released

NETRESEC Network Security Blog

10 Things You Need to Know About Kerberos

Eran Cohen | June 24, 2019 | KERBEROS, Microsoft, NTLM, Security skills

As our research team continues to find vulnerabilities in Microsoft that bypass all major NTLM protection mechanisms, we start to wonder about the successor protocol that replaced NTLM in Windows versions above ...

Preempt Blog

How to Easily Bypass EPA to Compromise any Web Server that Supports Windows Integrated Authentication

Yaron Zinar | June 11, 2019 | Microsoft, NTLM, Security Advisory

As announced in our recent security advisory, Preempt researchers discovered how to bypass the Enhanced Protection for Authentication (EPA) mechanism to successfully launch NTLM relay attacks on any server that supports WIA ...

Preempt Blog

NTLM

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On