Tag
medium
advisory
Windows Snipping Tool NTLMv2 Hash Hijack Vulnerability (CVE-2026-33829)
2 rules, 1 TTP, 1 CVE
A local exploit has been published for Windows Snipping Tool (CVE-2026-33829), enabling NTLMv2 Hash Hijacking by forcing authentication to a remote SMB server via a crafted ms-screensketch:edit URI, potentially leading to credential theft and lateral movement.
Windows Snipping Tool
credential-access
ntlmv2
pass-the-hash
cve-2026-33829
high
advisory
Detecting Potential PowerShell Pass-the-Hash/Relay Scripts
2 rules, 2 TTPs
This rule detects PowerShell scripts associated with NTLM relay or pass-the-hash tooling and SMB/NTLM negotiation artifacts, indicating potential credential access and lateral movement attempts by attackers.
Windows
credential-access
pass-the-hash
ntlm-relay
powershell