10 Things You Need to Know About Kerberos

As our research team continues to find vulnerabilities in Microsoft that bypass all major NTLM protection mechanisms, we start to wonder about the successor protocol that replaced NTLM in Windows versions above ...
How to Easily Bypass EPA to Compromise any Web Server that Supports Windows Integrated Authentication

As announced in our recent security advisory, Preempt researchers discovered how to bypass the Enhanced Protection for Authentication (EPA) mechanism to successfully launch NTLM relay attacks on any server that supports WIA ...
Drop the MIC - CVE-2019-1040

As announced in our recent security advisory, Preempt researchers discovered how to bypass the MIC (Message Integrity Code) protection on NTLM authentication and modify any field in the NTLM message flow, including ...
Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication

As announced in our recent security advisory, Preempt researchers discovered a critical vulnerability which allows attackers to retrieve the session key for any NTLM authentication and establish a signed session against any ...
Security Advisory: Critical Vulnerabilities in NTLM Allow Remote Code Execution and Cloud Resources Compromise

On June 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1040 and CVE-2019-1019, two vulnerabilities discovered by Preempt researchers. The critical vulnerabilities consist of three logical flaws in NTLM (Microsoft’s proprietary authentication protocol) ...
What State-Sponsored Attacks Can Teach Us About Conditional Access

People often think that state-sponsored attacks from groups like Lazarus (North Korea), Fancy Bear (Russia) or menuPass (China) only target public federal organizations in Western nations like the U.S. This is simply ...
New Microsoft Exchange Vulnerability Exposes Domain Admin Privileges: Here’s What to Do

Microsoft, NTLM
Last week, the CERT Coordination Center (CERT/CC) issued a vulnerability note warning that versions of Microsoft Exchange 2013 and newer are vulnerable to an NTLM relay attack that allows attackers to gain ...
LDAP & RDP Relay Vulnerabilities in NTLM - Demonstration

The Security Risks of NTLM: Proceed with Caution

Active Directory, KERBEROS, NTLM, risk
NTLM (NT LAN Manager) is Microsoft's old authentication protocol that was replaced with Kerberos starting with Windows 2000. It was designed and implemented by Microsoft engineers for the purpose of authenticating accounts between ...
Ever Run a Relay? Why SMB Relays Should Be On Your Mind

Time is never on your side when you’re onsite with a client, and trying to get the first good foothold, with admin privileges, can seem impossible. However, some things seem to work ...