ntlm – WindowsTechs.com

Can NTLM pass-through authentication be done without NetLogon?

Posted on February 22, 2024 by superstav

In any "recent" documentation regarding NTLM (Microsoft) I see it stated that the mechanism of pass-through authentication is done over a NetLogon channel, which should be secure. This secure channel is also used to pass the sess… Continue reading Can NTLM pass-through authentication be done without NetLogon?→

This Week in Security: Filename Not Sanitized, MonikerLink, and Snap Attack!

Posted on February 16, 2024 by Jonathan Bennett

Reading through a vulnerability report about ClamAV, I came across a phrase that filled me with dread: “The file name is not sanitized”. It’s a feature, VirusEvent, that can be …read more Continue reading This Week in Security: Filename Not Sanitized, MonikerLink, and Snap Attack!→

Impossible NTLMv2 hash format with Responder lm option

Posted on February 10, 2024 by Joy

While doing an internal assessment, I stumbled upon a very weird looking NTLMv2 hash (I will not use the "Net-NTLM" terminology but I’m talking about the NTLM protocol ) while using Responder with the –lm option (which afaik/wha… Continue reading Impossible NTLMv2 hash format with Responder lm option→

It is possible to receive ntlm response with ipv6. What about ipv4?

Posted on January 26, 2024 by Firat

I performed ntlm relay attack with mitm6 and ntlmrelayx. I used mitm6 for dns spoofing. When the victim sent a query containing where the DHCP is located, I identified myself as the DHCP server. Then I became proxy with WPAD so victim make… Continue reading It is possible to receive ntlm response with ipv6. What about ipv4?→

New NTLM Hash Leak Attacks Target Outlook, Windows Programs

Posted on January 22, 2024 by Eduard Kovacs

Varonis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two Windows programs.
The post New NTLM Hash Leak Attacks Target Outlook, Windows Programs appeared first on SecurityWeek.
Continue reading New NTLM Hash Leak Attacks Target Outlook, Windows Programs→

Microsoft Improves Windows Security with a Path to Move Off NTLM

Posted on November 22, 2023 by Mary Branscombe

It’s time to stop relying on the insecure authentication protocol built into Windows. Microsoft is making it easier to switch to secure modern options. Continue reading Microsoft Improves Windows Security with a Path to Move Off NTLM→

Microsoft Improving Windows Authentication, Disabling NTLM

Posted on October 16, 2023 by Ionut Arghire

Microsoft is adding new features to the Kerberos protocol, to eliminate the use of NTLM for Windows authentication.
The post Microsoft Improving Windows Authentication, Disabling NTLM appeared first on SecurityWeek.
Continue reading Microsoft Improving Windows Authentication, Disabling NTLM→

Using rainbow tables to obtain the first 7 characters of a windows password(LM/NTLMv1)

Posted on October 9, 2023 by Teererai Marange

I am trying to understand how an attacker is able to use the halflm challenge rainbow table to obtain the first 7 characters of a windows password that was used to authenticate a user using LM/NTLMv1. To help you understand my confusion, c… Continue reading Using rainbow tables to obtain the first 7 characters of a windows password(LM/NTLMv1)→

Kerberos – NTLM Password Hashes – Questions!

Posted on September 15, 2023 by Matías Huartamendía

I have worked as a system administrator mainly on Widnows Server for some years now.
Over the course of time I’ve always had a hard time trying to fully understand how Kerberos work.
For about 3 weeks as of now I have been informing and st… Continue reading Kerberos – NTLM Password Hashes – Questions!→

NTLM Relay detection logic

Posted on September 2, 2023 by chendoy

I am learning NTLM and came across an attack against it called NTLM Relay, where an attacker intercepts and relays NTLM authentication traffic between a client and a server.
One of the questions was to think of a detection logic that would… Continue reading NTLM Relay detection logic→