Hot Topics

Strengthening The Canadian Financial Sector’s Cybersecurity
Dancho Danchev's OSINT and Threat Intelligence Training Video Demonstration in Bulgarian - Part Two
Dancho Danchev's OSINT and Threat Intelligence Training Video Demonstration in Bulgarian - Part One
Technical Analysis of Bandit Stealer
BSidesSF 2023 - Sanchay Jaipuriyar - Overwatch: A Serverless Approach To Orchestrating Your Security Automation

Automating the Discovery of NTLM Authentication Endpoints

emmaline | November 29, 2022 | Authentication, Automation, Chariot, corporate security, Labs, NTLM, Tools & Techniques

Recently, I have been working on adding support for automated enumeration and discovery of NTLM authentication endpoints to Chariot, our external attack surface and continuous automated red teaming product scanning pipeline. Our ...

Blog - Praetorian

NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack

emmaline | August 30, 2022 | Active Directory, adfs, corporate security, DFSCoerce, NTLM, Red Team, relaying attacks, Tools & Techniques

Overview During the summer, my colleague Derya Yavuz and I published an article on some of the different methods we’ve leveraged to elevate privileges within Active Directory environments. We discussed authentication coercion ...

Blog - Praetorian

How to Detect DFSCoerce

emmaline | June 23, 2022 | adfs, corporate security, DFSCoerce, NTLM, relaying attacks, Vulnerability Research

Background On 18 June 2022, security researcher Filip Dragovic published proof-of-concept code for a new forced authentication technique named DFSCoerce. This technique, inspired by other forced authentication techniques like PetitPotam and SpoolSample, ...

Blog - Praetorian

Coercing NTLM Authentication from SCCM

Chris Thompson | April 13, 2022 | NTLM, Penetration Testing, pentesting, Red Team, SCCM

tl;dr: Disable NTLM for Client Push InstallationWhen SCCM automatic site assignment and automatic client push installation are enabled, and PKI certificates aren’t required for client authentication, it’s possible to coerce NTLM authentication ...

Posts By SpecterOps Team Members - Medium

NetworkMiner 2.6 Released

Erik Hjelmvik | September 23, 2020 | email, Fritzbox, FTP, GRE, http, HTTP/2, IMAP, John, John-the-Ripper, json, JtR, LANMAN, Linux, Mono, NetworkMiner, NTLM, pcap, POP3, RFC1890, RFC3428, RFC3551, RFC7637, SIP, smtp, tor, VoIP

We are happy to announce the release of NetworkMiner 2.6 today! The network forensic tool is now even better at extracting emails, password hashes, FTP transfers and artifacts from HTTP and HTTP/2 ...

NETRESEC Network Security Blog

NetworkMiner 2.6 Released

NETRESEC Network Security Blog

10 Things You Need to Know About Kerberos

Eran Cohen | June 24, 2019 | KERBEROS, Microsoft, NTLM, Security skills

As our research team continues to find vulnerabilities in Microsoft that bypass all major NTLM protection mechanisms, we start to wonder about the successor protocol that replaced NTLM in Windows versions above ...

Preempt Blog

How to Easily Bypass EPA to Compromise any Web Server that Supports Windows Integrated Authentication

Yaron Zinar | June 11, 2019 | Microsoft, NTLM, Security Advisory

As announced in our recent security advisory, Preempt researchers discovered how to bypass the Enhanced Protection for Authentication (EPA) mechanism to successfully launch NTLM relay attacks on any server that supports WIA ...

Preempt Blog

Drop the MIC – CVE-2019-1040

Marina Simakov | June 11, 2019 | Microsoft, NTLM, Security Advisory

As announced in our recent security advisory, Preempt researchers discovered how to bypass the MIC (Message Integrity Code) protection on NTLM authentication and modify any field in the NTLM message flow, including ...

Preempt Blog

Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication

Marina Simakov | June 11, 2019 | Microsoft, NTLM, Security Advisory

As announced in our recent security advisory, Preempt researchers discovered a critical vulnerability which allows attackers to retrieve the session key for any NTLM authentication and establish a signed session against any ...

Preempt Blog