New LDAP & RDP Relay Vulnerabilities in NTLM

Posted by Yaron Zinar on Jul 11, 2017 10:01:54 AM

Over the past few months, the Preempt research team discovered and reported two Microsoft NT LAN Manager (NTLM) vulnerabilities. These vulnerabilities share a common theme: two different protocols handle NTLM improperly. These issues are particularly significant because they can potentially allow an attacker to create new domain administrator accounts even when best-practice controls such as LDAP server signing and RDP restricted admin mode are enabled.

Topics: Domain Controller, NTLM, Hacking, Threat Detection, Security Advisory, Microsoft

Kerberos, NTLM and SAM: 3 Ways Attackers Can Crack Passwords

Posted by Yaron Zinar on Mar 23, 2017 9:25:12 AM

In a previous blog, we discussed the prevalence of weak passwords in the Enterprise. The fact of the matter is, once an attacker gains access to password challenges and exfiltrates them for offline cracking, they can crack them in most cases.

Topics: NTLM, kerberos, Passwords, SAM

The Security Risks of NTLM: Proceed with Caution

Posted by Yaron Zinar on Oct 20, 2016 3:05:29 PM

NTLM (NT LAN Manager) is Microsoft's old authentication protocol that was replaced with Kerberos starting with Windows 2000. It was designed and implemented by Microsoft engineers for the purpose of authenticating accounts between Microsoft Windows machines and servers. Even though it has not been the default for Windows deployments for more than 15 years, it is still very much in use and I have not yet seen a network where it has been completely abandoned. In fact, it is also supported by the latest version of Active Directory.

Topics: Risk, Active Directory, NTLM, kerberos