Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey
The BlueHat Podcast · Microsoft
Audio is streamed directly from the publisher (traffic.megaphone.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a 40-year-old authentication protocol, outlining its vulnerabilities and the risks of relay attacks, which function as a type of man-in-the-middle exploit. They highlight Microsoft's move to a "secure by default" approach, ensuring mitigations like channel binding are enabled automatically, providing stronger protections across services like Exchange, Active Directory Certificate Services (ADCS), and LDAP.
In This Episode You Will Learn:
- Steps users can take to enhance security in their environments
- Why legacy protocols remain a challenge and what the future might hold
- The challenges and successes of improving authentication security
Some Questions We Ask:
- What is an NTLM relay attack, and how does it work?
- Can you explain channel binding and its role in preventing NTLM relay attacks?
- What challenges arise from modernizing authentication in complex environments?
Resources:
View George Hughey on LinkedIn
View Nic Fillingham on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts