Overview
Syllabus
Intro
Speaker Bio
Abstract
What is NTLM
message (negotiation)
message (challenge)
message (authentication)
Protocols using NTLMSSP
Windows Name Resolution
SMB Reflect Attack
Hot Potato (win7)
Relay to another machine
Relay credentials to Microsoft Exchange Server
Modern Browsers
NTLMSSP over http
Intranet Zone
Internet Explorer API
What is Policy and Zone ?
Feature on WIN7 and WIN10 • write a simple program for testing
Implementation in the browser
Another attack surface in Chrome
SMB Reflection Attack Rebirth
When can Java send HTTP request?
Why Java can automatically NTLM authentication?
How to reflect the credentials to SMB?
A real-world case
How to defend against NTLM Relay?
Acknowledgement
Taught by
Hack In The Box Security Conference