all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Abusing Microsoft Access “Linked Table” Feature to Perform NTLM Forced Authentication Attacks

Add to bookmarks
Nov. 9, 2023, 12:16 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news


  1. Microsoft Access (part of the Office suite) has a “linking to remote SQL Server tables” feature.

  2. This feature can be abused by attackers to automatically leak the Windows user’s NTLM tokens to any attacker-controlled server, via any TCP port, such as port 80.

  3. The attack can be launched as long as the victim opens an .accdb or .mdb file. In fact, any more-common Office file type (such as a .rtf ) can work as well

  4. This technique …

abusing access attack attacker attackers attacks authentication feature leak malware analysis microsoft ntlm office port server sql sql server tables tcp tokens windows

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Dissecting Windows Malware Series – RISC vs CISC Architectures – Part 4 15 minutes ago | malware.news
architectures cisc gains history +7
The life and times of an Abstract Syntax Tree 26 minutes ago | malware.news
artificially intelligent can clear compiler +12
Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online 26 minutes ago | malware.news
article attack cybercriminals hacker +12
Strengthening Cloud Security Together: Meet the Runtime Insights Partner Ecosystem 46 minutes ago | malware.news
cloud cloud security collaboration cybersecurity +18
North American, European critical infrastructure facing pro-Russia hacktivist threats 56 minutes ago | malware.news
agriculture america american article +37
RSA Conference 2024 Preview: The Sessions to See This Year an hour ago | malware.news
article brian conference episode +12
Senators Reprimand UnitedHealth CEO in Ransomware Hearing an hour ago | malware.news
attack ceo change change healthcare +17
Prisma SASE 3.0 — Securing Work Where It Happens an hour ago | malware.news
application coffee corporate corporate network +19
Deepfakes and AI-Driven Disinformation Threaten Polls 3 hours ago | malware.news
access article campaigns deepfakes +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs