SANS Workshop – NTLM Relaying 101: How Internal Pentesters Compromise Domains

Tuesday, 29 Nov 2022 12:00PM EST (29 Nov 2022 17:00 UTC)
Speaker: Jean-François Maes

In this workshop, SANS certified instructor Jean-François Maes will walk you through some of the most used NTLM relay attack paths pentesters use to compromise the domain.

We will take a look at:

What is NTLM auth?
Using broadcast traffic for fun and profit
Active Directory Certificate Services abuse
ShadowCredentials
And more!

BEFORE THE WORKSHOP: This workshop requires a large local LAB that must be downloaded prior to the workshop. Download is available here: https://sansurl.com/ntlm-workshop-range

Please note - The VMs are designed to be run on an Intel processor, so M-chip macbooks will not be able to run this lab.

Prerequisites: Some pre-existing knowledge of networking and active directory will be handy, but not required.

System Requirements:

VirtualBox installed - Download here: https://www.virtualbox.org/wiki/Downloads
At least 32 gig of ram
At least 80GB of HDD/SSD space
Intel processor

Lab Walkthrough to be used with the presentation slides: https://jfmaes-1.gitbook.io/ntlm-relaying-like-a-boss-get-da-before-lunch/

Please note – we will not be able to troubleshoot or support any local access or browser issues.

Login to Register

NTLM_Relaying_101_-_How_Internal_Pentesters_Compromise_Domains_-_Workshop_-_11.29_-_4.jpg

Related Content

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)

A Visual Summary of SANS New2Cyber Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024

Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming

January 31, 2024

Continuous Purple Teaming: A Practical Approach for Strengthening Your Offensive Capabilities

This post will guide you through actionable strategies to implement adversary emulation effectively with some concrete examples.

Jeroen Vandeleur

Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming

November 16, 2023

A Visual Summary of SANS HackFest Summit

Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023