Digging into an NTLM Downgrade Attack



During the summer, my colleague Derya Yavuz and I published an article on some of the different methods we’ve leveraged to elevate privileges within Active Directory environments. We discussed authentication coercion techniques such as PrinterBug, PetitPotam, and DFSCoerce. One of the techniques we mentioned in that article was performing an NTLM downgrade attack to obtain an NTLMv1 hash from a victim client computer.

However, we encountered some hurdles to exploiting this issue, as i…

Read More