NTLM (NT LAN Manager) relaying is an attack technique that has been around for years yet is still incredibly effective.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

This post explores uncommon NTLM relay attack techniques, including enumerating domain usernames via a non-admin SMB relay and relaying NTLM credentials to Microsoft SQL Server and LDAP.

Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques

Attack 1: Enumerating Domain Usernames via a Non-Admin SMB Relay

Attack 2: Relaying to Microsoft SQL Server

Attack 3: Relaying to LDAP and Configuring Resource-Based Delegation

Attack 4: Shadow Credentials Attack with no Prior Credentials

Attack 5: Shadow Credentials Attack Using Prior Credentials