Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a 40-year-old authentication protocol, outlining its vulnerabilities and the risks of relay attacks, which function as a type of man-in-the-middle exploit. They highlight Microsoft's move to a "secure by default" approach, ensuring mitigations like channel binding are enabled automatically, providing stronger protections across services like Exchange, Active Directory Certificate Services (ADCS), and LDAP. In This Episode You Will Learn: Steps users can take to enhance security in their environments Why legacy protocols remain a challenge and what the future might hold The challenges and successes of improving authentication security Some Questions We Ask: What is an NTLM relay attack, and how does it work? Can you explain channel binding and its role in preventing NTLM relay attacks? What challenges arise from modernizing authentication in complex environments? Resources: View George Hughey on LinkedIn View Rohit Mothe on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts