Security News > 2021 > July > Windows “PetitPotam” network attack – how to protect against it
The hack, which he has dubbed PetitPotam, involves what's known as an NTLM relay attack, which is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system.
Microsoft has been advising everyone to avoid NTLM, short for NT LAN Manager, for more than a decade, because it doesn't meet modern cryptographic security standards.
Way back in 2012, for example, password researcher Jeremi Gosney, who describes himself as "Your friendly neighborhood password cracker", described and built a standalone password cracking computer, using 25 graphics cards, that could brute-force any eight-character Windows password from its NTLM hash in just six hours.
NTLM authentication has proved hard to shake off altogether, with many network administrators keeping it alive because of legacy applications that can't use the network without it.
Microsoft has added several NTLM mitigations over the years to try to close off various NTLM relay attack loopholes that remain.
The most robust defence is to stop using NTLM anywhere in your network.