NTLM relay attacks remain a significant cybersecurity threat, especially in environments where legacy authentication protocols are still in use. These attacks facilitate lateral movement and privilege escalation, putting organizations at high risk of data breaches and system compromise. #NTLMRelay #ActiveDirectory
Key points
- NTLM is a legacy authentication protocol still used when Kerberos isn't viable.
- NTLM relay attacks enable attackers to hijack authenticated sessions without cracking passwords.
- Attacks can target SMB, LDAP, and ADCS web enrollment, each with different mitigation methods.
- Microsoft has started enforcing SMB signing and LDAP session security to prevent these attacks.
- Continuous environment assessment and enforcement of signing and channel binding are the best defenses.
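One way to run the assessment described in the last point on a single Windows host, as an added example that is not taken from the linked article. It reads the standard registry values behind SMB signing, LDAP signing and LDAP channel binding; the function names are hypothetical, and the ADCS web enrollment setting (Extended Protection for Authentication in IIS) is not checked.

```powershell
# Added example: report whether SMB signing, LDAP signing and LDAP channel
# binding are enforced on the local machine. Function names are hypothetical.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (e.g. NTDS on a non-DC).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-RelayHardening {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $checks = @(
        @{ Check = 'SMB server requires signing'
           Path = "$svc\LanmanServer\Parameters"
           Value = 'RequireSecuritySignature'; Expected = 1 },
        @{ Check = 'SMB client requires signing'
           Path = "$svc\LanmanWorkstation\Parameters"
           Value = 'RequireSecuritySignature'; Expected = 1 },
        @{ Check = 'LDAP server requires signing (DC only)'
           Path = "$svc\NTDS\Parameters"
           Value = 'LDAPServerIntegrity'; Expected = 2 },
        @{ Check = 'LDAP channel binding set to Always (DC only)'
           Path = "$svc\NTDS\Parameters"
           Value = 'LdapEnforceChannelBinding'; Expected = 2 }
    )
    foreach ($c in $checks) {
        $actual = Get-RegValue -Path $c.Path -Name $c.Value
        # NotSet means the OS default applies, which differs between Windows
        # versions, so treat it as "verify manually" rather than as a pass.
        if ($null -eq $actual) { $status = 'NotSet' }
        elseif ($actual -eq $c.Expected) { $status = 'Enforced' }
        else { $status = 'NotEnforced' }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Check    = $c.Check
            Actual   = $actual
            Expected = $c.Expected
            Status   = $status
        }
    }
}

Test-RelayHardening | Format-Table -AutoSize
```

The function returns objects, so the results can be exported or collected from many hosts and compared over time.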
Read More: https://www.helpnetsecurity.com/2025/07/04/ntlm-relay-attacks/