Tag

Ntlm

3 briefs RSS

Potential NetNTLMv1 Downgrade Attack via Registry Modification

This brief details a registry modification attack that downgrades the system to NTLMv1 authentication, enabling NetNTLMv1 downgrade attacks, typically performed with local administrator privileges on Windows systems.

Microsoft Defender XDR +2 defense-evasion ntlm registry-modification windows

2r 2t 8h ago

high advisory

SiYuan Zero-Click NTLM Theft and Blind SSRF via Mermaid Diagrams

2 rules 3 TTPs 1 CVE

SiYuan is vulnerable to zero-click NTLM hash theft on Windows and blind SSRF on all platforms due to insecure Mermaid.js configuration, where a malicious Mermaid diagram containing a protocol-relative URL can be injected into a note, causing the Electron client to fetch the URL, triggering SMB authentication on Windows and sending the victim's NTLMv2 hash to the attacker. On macOS and Linux, the request acts as a tracking pixel and blind SSRF.

siyuan ntlm ssrf credential-theft mermaid

2r 3t 1c 3w ago

medium advisory

Detecting Rare SMB Connections for Potential NTLM Credential Theft

2 rules 2 TTPs

This brief details a detection strategy for rare SMB connections originating from internal networks to the internet, potentially indicating NTLM credential theft via rogue UNC path injection.

Elastic Defend +2 exfiltration credential-access windows smb ntlm

2r 2t Jan 25, 2024