Obtaining NetNTLM Hashes by Asking Nicely | Qasim Ijaz & Jake Nelson

Active Directory loves spewing hashes, all kinds of them. This talk will focus on NetNTLM (or NTLM, call it what you will) hashes. We'll chat about how they can be obtained and used for privilege escalation and lateral movement. Here's what we'll cover:

- What NetNTLM hashes are and how they fit into AD
- Different ways to get NetNTLM hashes
- Broadcast and multicast-based name resolution protocols
- Coercion and elicitation (PetitPotam, DFSCoerce, shortcut files/icons, and even Microsoft Word)
- How to crack and relay NetNTLM hashes
- How to defend yourself against these types of attacks

We'll break down each topic and will demonstrate some tools and techniques you can use to get and utilize NetNTLM hashes.

/// 🔗 Antisyphon Training Pay-What-You-Can Courses
 
/// 🔗 View the Antisyphon Course Catalog

/// 🔗 View Our Live Training Course Calendar
 
/// 🔗 Antisyphon Training Roadmap