
NTLM relay attacks explained, and why PetitPotam is the most …
September 9, 2021 · An NTLM relay attack exploits the NTLM challenge-response mechanism. An attacker intercepts legitimate authentication requests and then forwards them to the server.
KB5005413: Mitigating NTLM Relay Attacks on Active Directory ...
Microsoft is aware of PetitPotam which can potentially be used to attack Windows domain controllers or other Windows servers. PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect customers.
Understanding NTLM Authentication and NTLM Relay Attacks
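July 8, 2024 · The best-known attack on NTLM authentication is undoubtedly the NTLM relay attack. A relay attack is the act of intercepting information passing over a network and relaying it to a target, which is none other than the legitimate recipient of the information.
New Windows zero-day vulnerability leaks NTLM hashes; unofficial patch released
1 day ago · The NTLM protocol has been widely used in NTLM relay attacks (where threat actors force vulnerable network devices to authenticate to attacker-controlled servers) and pass-the-hash attacks (where vulnerabilities are exploited to steal NTLM hashes, which are hashed passwords).
A Brief Analysis of Intra-Domain NTLM Relay Attacks - FreeBuf Cybersecurity Industry Portal
By exploiting this vulnerability, an attacker who connects to LSARPC can force the target machine to send its Net-NTLM hash to a specified remote server; once the Net-NTLM hash has been obtained, an NTLM relay attack can be carried out.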
Security Advisory: Active Directory Open to More NTLM Attacks …
NTLM relay is one of the most prevalent attacks on the Active Directory infrastructure. The most important defenses against NTLM relay are server signing and Enhanced Protection for Authentication (EPA); you can read more about these mitigations in June’s security advisory.
New Windows zero-day leaks NTLM hashes, gets unofficial patch
10 hours ago · NTLM has been widely exploited in NTLM relay attacks (where threat actors force vulnerable network devices to authenticate to attacker-controlled servers) and pass-the-hash attacks (where they ...
NTLM Relay Attacks Explained - Blog - QOMPLX
August 11, 2020 · NTLM relay attacks allow attackers to sit between clients and servers and relay validated authentication requests in order to access network services; Unlike NTLM, a challenge-response protocol, Kerberos’ mutual authentication is considered more secure and has been the de facto standard in Windows since Windows 2000
NTLM relay attack detection - Hack The Box
When an attacker intercepts network traffic with an LLMNR poisoning attack, they can further attempt to relay the intercepted event to authenticate themselves to a particular service on behalf of the victim. This is known as an NTLM relay attack. NTLM relay attacks are possible because the NTLM itself does not provide session security.
Detecting and Hunting for the PetitPotam NTLM Relay Attack
During the week of July 19th, 2021, information security researchers published a proof of concept tool named “PetitPotam” that exploits a flaw in Microsoft Windows Active Directory Certificate Servers with an NTLM relay attack.