Join us for our next Anti-Cast, “Obtaining NetNTLM Hashes by Asking Nicely,” with Qasim Ijaz & Jake Nelson this Wednesday, Aug. 2, 2023, at 12 p.m. EDT! Register here.
Tune in at 11:30 a.m. EDT for some PreShow Banterâ„¢.
Active Directory loves spewing hashes, all kinds of them. This talk will focus on NetNTLM (or NTLM, call it what you will) hashes. We’ll chat about how they can be obtained and used for privilege escalation and lateral movement. Here’s what we’ll cover:
– What NetNTLM hashes are and how they fit into AD
– Different ways to get NetNTLM hashes
– Broadcast and multicast-based name resolution protocols
– Coercion and elicitation (PetitPotam, DFSCoerce, shortcut files/icons, and even Microsoft Word)
– How to crack and relay NetNTLM hashes
– How to defend yourself against these types of attacks
We’ll break down each topic and will demonstrate some tools and techniques you can use to get and utilize NetNTLM hashes.
Chat with your fellow attendees in the Antisyphon Discord server here — in the #webcasts-livestreams channel.