PDF, PPTX3,403 views

Ntlm Unsafe

This document provides an overview and critique of the NTLM authentication protocol. It begins with an agenda that includes background on NTLM, how it works, its weaknesses around password equivalence and dictionary attacks. It then demonstrates how the NTLM hash is equivalent to the password by modifying client code to directly use the hash instead of a password. The document aims to help understand NTLM's risks so one can justify hardening measures against its vulnerabilities.

Technology◦

More Related Content

PPTX

Abusing Microsoft Kerberos - Sorry you guys don't get it

byBenjamin Delpy

PDF

NSC #2 - D2 02 - Benjamin Delpy - Mimikatz

byNoSuchCon

PDF

aclpwn - Active Directory ACL exploitation with BloodHound

byDirkjanMollema

PDF

Hunting for Credentials Dumping in Windows Environment

byTeymur Kheirkhabarov

PDF

Red Team Methodology - A Naked Look

byJason Lang

PPTX

Troopers 19 - I am AD FS and So Can You

byDouglas Bienstock

PPTX

Red team upgrades using sccm for malware deployment

byenigma0x3

PDF

SpecterOps Webinar Week - Kerberoasting Revisisted

byWill Schroeder

Abusing Microsoft Kerberos - Sorry you guys don't get it

byBenjamin Delpy

NSC #2 - D2 02 - Benjamin Delpy - Mimikatz

byNoSuchCon

aclpwn - Active Directory ACL exploitation with BloodHound

byDirkjanMollema

Hunting for Credentials Dumping in Windows Environment

byTeymur Kheirkhabarov

Red Team Methodology - A Naked Look

byJason Lang

Troopers 19 - I am AD FS and So Can You

byDouglas Bienstock

Red team upgrades using sccm for malware deployment

byenigma0x3

SpecterOps Webinar Week - Kerberoasting Revisisted

byWill Schroeder

What's hot

PPTX

XXE - XML External Entity Attack

byCysinfo Cyber Security Community

PPTX

Mitre Attack - Credential Dumping - updated.pptx

bywaizuq

PDF

DerbyCon 2019 - Kerberoasting Revisited

byWill Schroeder

PDF

Ace Up the Sleeve

byWill Schroeder

PDF

A Threat Hunter Himself

bySergey Soldatov

PPTX

Sqlmap

byRushikesh Kulkarni

PPTX

Passwords#14 - mimikatz

byBenjamin Delpy

PDF

0wn-premises: Bypassing Microsoft Defender for Identity

byNikhil Mittal

PDF

No Easy Breach DerbyCon 2016

byMatthew Dunwoody

PPT

Advanced Sql Injection ENG

byDmitry Evteev

PPTX

Useful Group Policy Concepts

byRob Dunn

PDF

Derbycon - The Unintended Risks of Trusting Active Directory

byWill Schroeder

PPTX

Here Be Dragons: The Unexplored Land of Active Directory ACLs

byAndy Robbins

PPTX

(Ab)Using GPOs for Active Directory Pwnage

byPetros Koutroumpis

PDF

April, 2021 OpenNTF Webinar - Domino Administration Best Practices

byHoward Greenberg

PDF

Performance Wins with BPF: Getting Started

byBrendan Gregg

ODP

SELinux for Everyday Users

byPaulWay

PPTX

Automated Operating System Deployment Using SCCM 2012

byAbdelslam Elsobky

PDF

Privilege escalation from 1 to 0 Workshop

byHossam .M Hamed

PDF

Not a Security Boundary

byWill Schroeder

XXE - XML External Entity Attack

byCysinfo Cyber Security Community

Mitre Attack - Credential Dumping - updated.pptx

bywaizuq

DerbyCon 2019 - Kerberoasting Revisited

byWill Schroeder

Ace Up the Sleeve

byWill Schroeder

A Threat Hunter Himself

bySergey Soldatov

Sqlmap

byRushikesh Kulkarni

Passwords#14 - mimikatz

byBenjamin Delpy

0wn-premises: Bypassing Microsoft Defender for Identity

byNikhil Mittal

No Easy Breach DerbyCon 2016

byMatthew Dunwoody

Advanced Sql Injection ENG

byDmitry Evteev

Useful Group Policy Concepts

byRob Dunn

Derbycon - The Unintended Risks of Trusting Active Directory

byWill Schroeder

Here Be Dragons: The Unexplored Land of Active Directory ACLs

byAndy Robbins

(Ab)Using GPOs for Active Directory Pwnage

byPetros Koutroumpis

April, 2021 OpenNTF Webinar - Domino Administration Best Practices

byHoward Greenberg

Performance Wins with BPF: Getting Started

byBrendan Gregg

SELinux for Everyday Users

byPaulWay

Automated Operating System Deployment Using SCCM 2012

byAbdelslam Elsobky

Privilege escalation from 1 to 0 Workshop

byHossam .M Hamed

Not a Security Boundary

byWill Schroeder

Similar to Ntlm Unsafe

PPTX

Kerberos, NTLM and LM-Hash

byAnkit Mehta

PDF

Windows Domains Part 2

byUTD Computer Security Group

PDF

The Infosec Revival

byscriptjunkie

PDF

The Non-Advanced Persistent Threat

byImperva

PDF

Introduction to Domains and Hacking

byUTD Computer Security Group

PDF

LNK Payload exploit in windows

byssuser1d7287

PDF

The Infosec Revival

byscriptjunkie

PPTX

AZ-801T00A Configuring Windows Server Hybrid Advanced Services.pptx

byjoolyvivi

PPTX

Shytikov on NTLM Authentication

byshytikov

Kerberos, NTLM and LM-Hash

byAnkit Mehta

Windows Domains Part 2

byUTD Computer Security Group

The Infosec Revival

byscriptjunkie

The Non-Advanced Persistent Threat

byImperva

Introduction to Domains and Hacking

byUTD Computer Security Group

LNK Payload exploit in windows

byssuser1d7287

The Infosec Revival

byscriptjunkie

AZ-801T00A Configuring Windows Server Hybrid Advanced Services.pptx

byjoolyvivi

Shytikov on NTLM Authentication

byshytikov

More from Guang Ying Yuan

PPTX

【职场女性领导力】《向前一步》

Ntlm Unsafe

More Related Content

What's hot

Similar to Ntlm Unsafe

More from Guang Ying Yuan

Recently uploaded