SANS Workshop – NTLM Relaying 101: How Internal Pentesters Compromise Domains
In this workshop, SANS certified instructor Jean-François Maes will walk you through some of the most used NTLM relay attack paths pentesters use to compromise the domain.
We will take a look at:
- What is NTLM auth?
- Using broadcast traffic for fun and profit
- Active Directory Certificate Services abuse
- ShadowCredentials
- And more!
BEFORE THE WORKSHOP: This workshop requires a large local LAB that must be downloaded prior to the workshop. Download is available here: https://sansurl.com/ntlm-workshop-range
Please note - The VMs are designed to be run on an Intel processor, so M-chip macbooks will not be able to run this lab.
Prerequisites: Some pre-existing knowledge of networking and active directory will be handy, but not required.
System Requirements:
- VirtualBox installed - Download here: https://www.virtualbox.org/wiki/Downloads
- At least 32 gig of ram
- At least 80GB of HDD/SSD space
- Intel processor
Lab Walkthrough to be used with the presentation slides: https://jfmaes-1.gitbook.io/ntlm-relaying-like-a-boss-get-da-before-lunch/
Please note – we will not be able to troubleshoot or support any local access or browser issues.
