Security News

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs
2019-02-14 22:56

CorrectHorseBatteryStaple once again more secure and memorable than ff3sd21n HashCat, an open source password recovery tool, can now crack an eight-character Windows NTLM password hash in less...

Researcher Escalates Privileges on Exchange 2013 via NTLM Relay Attack
2019-01-29 15:20

Microsoft Exchange 2013 and newer versions allow an attacker to escalate privileges when performing a NT LAN Manager (NTLM) relay attack, a security researcher warns. read more

PDF Files Can Silently Leak NTLM Credentials
2018-04-30 12:19

NTML credentials can be stolen via malicious Portable Document Format (PDF) files without any user interaction, Check Point security researchers warn. read more

Microsoft Patches LDAP Relay Vulnerability in NTLM (Security Week)
2017-07-12 13:50

Microsoft resolved over 30 bugs with its July 2017 set of security patches, one being a vulnerability where the Lightweight Directory Access Protocol (LDAP) wasn’t protected from Microsoft NT LAN...

Critical Flaws Found in Windows NTLM Security Protocol – Patch Now (The Hackers News)
2017-07-12 00:23

As part of this month's Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for...

Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks (Threatpost)
2017-07-11 17:43

Microsoft today addressed two NTLM-related vulnerabilities privately disclosed by Preempt Security. The flaws allow for credential relay attacks.

Autoresponder - Automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them (Reddit)
2015-12-14 21:06

Project Zero: Windows DCOM DCE/RPC Local NTLM Reflection Elevation of Privilege (Reddit)
2015-07-08 23:12

Windows: Local WebDAV NTLM Reflection Elevation of Privilege (Reddit)
2015-03-19 14:35