SMBRelay and LLMNR Zero to Breach in Ten Minutes

Webinar from 5/21/2015 - David Williams and Matt Barnett of BTB Security talked about a 10+ year-long issue that still remain unresolved in many environments. The talk highlighted several issues: disabled SMB signing, LLMNR/NBNS spoofing attack, how these two issues combined could lead an attacker to easily compromise the entire environment (sometimes less than 10 minutes). We will also talk about issues with vulnerability management and vulnerability scoring metrics of these issues: the exploitability and risk of (disabled) SMB signing and LLMNR/NBNS are not accurately represented in most places; and how this issue has led to this issue being unaddressed in most places.