NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – and, in fact, it may be getting worse. Anecdotally, they are used in most attacks seen by my employer’s consulting arm and have gotten much more common in the last few years. With most environments vulnerable, NTLM sets the stage for lateral movement and privilege escalation. … More
The post NTLM relay attacks are back from the dead appeared first on Help Net Security.