NTLM Relay Attacks - An OPSEC-Conscious Approach to Port 445 Takeover
Overview
Explore a conference talk from x33fcon that delves into a novel NTLM relay technique for hijacking port 445 with minimal operational security risks. Learn how to overcome the challenges of conducting NTLM relays from command-and-control infrastructure, particularly when dealing with Windows kernel limitations that prevent attackers from starting their own SMB listener. Discover a stealthy approach that avoids common operational security risks like loading suspicious drivers, system reboots, or LSASS tampering. Gain insights into the reverse engineering of Windows drivers, understand the underlying mechanics of this technique, and master the usage of a new automation tool that enables temporary SMB port control for relay attacks. Master advanced exploitation methods for relay attacks including SCCM site takeover and ADCS ESC8, while maintaining a low detection profile compared to traditional solutions.
Syllabus
16. Nick Powers: Relay Your Heart Away: An OPSEC-Conscious Approach to 445 Takeover
Taught by
x33fcon