#NTLMRelay

NTLM Reflection Attack Attackers abuse misconfigured Unconstrained Delegation and NTLM reflection/relay to coerce high-value systems into authenticating to attacker-controlled hosts, allowing capture of Kerberos TGTs and escalation from a low-privileged user to full domain compromise without any software zero-day. Effective mitigations include enforcing SMB signing, disabling unconstrained delegation, restricting NTLM, and monitoring Kerberos/DCSync activity. #UnconstrainedDelegation #NTLMRelay

Attackers exploit misconfigured Unconstrained Delegation and disabled SMB signing to perform NTLM reflection attacks, stealing Kerberos TGTs and escalating privileges from low-level users to full domain compromise. #NTLMRelay #UnconstrainedDelegation

7/10 NTLM Relay Attack:

Here, attackers intercept NTLM authentication requests, relaying them to gain access elsewhere.

It's all about misdirecting credentials.

#NTLMRelay #NetworkSecurity #ActiveDirectory #infosec