SANS Workshop – NTLM Relaying 101: How Internal Pentesters Compromise Domains

In this workshop, SANS certified instructor Jean-François Maes will walk you through some of the most used NTLM relay attack paths pentesters use to compromise the domain.

We will take a look at:

  • What is NTLM auth?
  • Using broadcast traffic for fun and profit
  • Active Directory Certificate Services abuse
  • ShadowCredentials
  • And more!

BEFORE THE WORKSHOP: This workshop requires a large local LAB that must be downloaded prior to the workshop. Download is available here:

Please note - The VMs are designed to be run on an Intel processor, so M-chip macbooks will not be able to run this lab. 

Prerequisites: Some pre-existing knowledge of networking and active directory will be handy, but not required.

System Requirements:

Lab Walkthrough to be used with the presentation slides:

Please note – we will not be able to troubleshoot or support any local access or browser issues.