This article has been indexed from CSO Online
Microsoft Active Directory (AD), which handles identity management, reportedly holds 90% to 95% market share among Fortune 500 companies. Given such broad adoption, it is no surprise that it is so heavily targeted by malicious actors and researchers alike. Among the most cited types of attacks against AD are those that abuse legacy protocols. One such protocol that receives a lot of focus from attackers is NT LAN Manager (NTLM).
NTLM has been around for over 20 years. It is used for authentication in early Windows systems, leading up to Windows 2000. It uses a challenge-response mechanism to authenticate clients. While many organizations have shifted to Kerberos, many legacy systems and applications still support or use NTLM. It is also used when you need to join a workgroup, for local logon authentication on non-domain controllers or, in some cases, for non-Microsoft applications.
Read the original article: NTLM relay attacks explained, and why PetitPotam is the most dangerous