
KB5005413: Mitigating NTLM Relay Attacks on Active Directory ...
Microsoft is aware of PetitPotam which can potentially be used to attack Windows domain controllers or other Windows servers. PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect customers.
NTLM relay attacks explained, and why PetitPotam is the most …
Sep 9, 2021 · An NTLM relay attack exploits the NTLM challenge-response mechanism. An attacker intercepts legitimate authentication requests and then forwards them to the server.
Understanding NTLM Authentication and NTLM Relay Attacks
Jul 8, 2024 · The best-known attack on NTLM authentication is undoubtedly the NTLM relay attack. A relay attack is the act of intercepting information passing over a network and relaying it to a target, which is none other than the legitimate recipient of the information.
NTLM Relay Attacks Explained - Blog - QOMPLX
Aug 11, 2020 · NTLM relay attacks allow malicious actors to carry out man-in-the-middle attacks to steal hashed versions of user credentials which are then 'relayed' for use accessing other network resources.
Mitigating NTLM Relay Attacks by Default | MSRC Blog
Dec 9, 2024 · NTLM relaying is a popular attack method used by threat actors that allows for identity compromise. An NTLM relay attack typically involves two steps: Coercing a victim to authenticate to an arbitrary endpoint. Relaying the authentication against a vulnerable target.
Relay | The Hacker Recipes
Feb 12, 2022 · ntlmrelayx (Python), MultiRelay (Python) and Inveigh-Relay (PowerShell) are great tools for relaying NTLM authentications. Those tools set up relay clients and relay servers waiting for incoming authentications. Once the servers are up and ready, the tester can initiate a forced authentication attack.
NTLM relay attacks: A dangerous game of hot potato | Crowe LLP
Sep 27, 2022 · Defeating NTLM relay attacks. Relay attacks can come in many forms, but the bottom line is that they can effectively subvert authentication on internal networks. Understanding how the attacks work is critical to determining how best to stop them.
Security Advisory: Active Directory Open to More NTLM Attacks …
NTLM relay is one of the most prevalent attacks on the Active Directory infrastructure. The most important defenses against NTLM relay are server signing and Enhanced Protection for Authentication (EPA); you can read more about these mitigations in June’s security advisory.
NTLM relay attack detection - Hack The Box
Learn how to detect NTLM relay attacks in part four of a special series on critical Active Directory (AD) attack detections & misconfigurations.
How to Defend Against an NTLM Relay Attack | AD Security 101
The NTLM relay attack poses a significant threat to organizations that use Active Directory. This attack exploits the NT LAN Manager (NTLM) authentication protocol, a challenge-response mechanism used in Windows networks for user authentication.