
Relaying NTLMv1/v2 – Tradecraft Security Weekly #14

A very common attack that many networks are vulnerable to is LLMNR or NBT-NS poisoning. Through this attack it is possible to gain access to a user's NTLMv1 or NTLMv2 password hash. A more interesting attack can be carried out under the same premise, though: instead of just obtaining a password hash, an attacker can exploit the user's authenticated session to another host to run arbitrary code on the server. In this episode of Tradecraft Security Weekly, Beau Bullock (@dafthack) shows how to perform this attack using the PowerShell tool Inveigh.

LINKS: Inveigh; Nmap SMB-Signing Discovery; byt3bl33d3r blog post; SANS blog post; LLMNR & NBT-NS Blog Post; Responder Multi-Relay; Impacket SMBRelayx; Metasploit SMB_Relay Module

[audio src="http://traffic.libsyn.com/tswaudio/Relaying_NTLMv1_v2_-_Tradecraft_Security_Weekly_14_converted.mp3"]
