Tradecraft Security WeeklySubscribe

Relaying NTLMv1/v2 – Tradecraft Security Weekly #14


A very common attack that many networks are vulnerable to is called LLMNR or NBT-NS poisoning. Through this attack it is possible to gain access to a user's NTLMv1 or v2 password hash. A more interesting attack can be carried out under the same premise though. Instead of just obtaining a password hash the user's authenticated session to another host can be exploited to run arbitrary code on the server. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) shows how to perform this attack using the PowerShell tool Inveigh.

LINKS: Inveigh Nmap SMB-Signing Discovery byt3bl33der blog post SANS blog post LLMNR & NBT-NS Blog Post Responder Multi-Relay Impacket SMBRelayx Metasploit SMB_Relay Module

[audio src=""]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.