Nail the Coffin Shut, NTLM is Dead

Presented at DEF CON 16 (2008), Aug. 8, 2008, 2 p.m. (50 minutes)

Ever since SirDystic's SMBRelay release the weaknesses of the NTLM protocol have been repeatedly shown. For over twenty years this protocol has been refined by Microsoft, it's time to let it go and stop supporting it within our networks. This presentation will trace the history of the NTLM protocol and the various attacks that have befallen it over the past decade, the attempts at fixing them and why these fixes have not succeeded. I will show what I believe is the most significant attack to it and why the best solution is to migrate away from NTLM once and for all. Attendees will come away with a stronger understanding of the NTLM protocol and information to help them make the case to their Windows administrators, CIOs, CSOs and everybody else that there is a serious risk in keeping NTLM support around. A toolkit using the Metasploit Framework will be released that will help you show the risks in your enterprise.

Presenters:

  • Kurt Grutzmacher - Security Researcher
    Kurt Grutzmacher is a CISSP, but don't hold that against him. Lots of us have it because it keeps us employed. He was employed by the Federal Reserve System for 15 years, 5 of those in the official capacity of performing penetration tests and security reviews. Currently he works at Pacific Gas & Electric, one of the largest public utilities in the United States. Kurt has provided updates to the Metasploit Framework directly related to LM/NTLM support.

Links:

Similar Presentations: