Shopping Cart

No products in the cart.

Loading Events

« All Events

  • This event has passed.

Anti-Cast: Obtaining NETNLM Hashes by Asking Nicely with Qasim Ijaz and Jake Nelson

August 2, 2023 @ 12:00 pm 1:00 pm EDT

Active Directory loves spewing hashes, all kinds of them. This talk will focus on NetNTLM (or NTLM, call it what you will) hashes. We’ll chat about how they can be obtained and used for privilege escalation and lateral movement. Here’s what we’ll cover:

  • What NetNTLM hashes are and how they fit into AD
  • Different ways to get NetNTLM hashes
  • Broadcast and multicast-based name resolution protocols
  • Coercion and elicitation (PetitPotam, DFSCoerce, shortcut files/ icons, and even Microsoft Word)
  • How to crack and relay NetNTLM hashes
  • How to defend yourself against these types of attacks


We’ll break down each topic and will demonstrate some tools and techniques you can use to get and utilize NetNTLM hashes.

Chat with your fellow attendees in the Antisyphon Discord server:
https://discord.gg/antisyphon
in the #🍿anticasts-chat channel

Stay up to date on our upcoming live Anti-Casts and more at https://poweredbybhis.com