all InfoSec news
Abusing Microsoft Access “Linked Table” Feature to Perform NTLM Forced Authentication Attacks
Nov. 9, 2023, 12:16 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
- Microsoft Access (part of the Office suite) has a “linking to remote SQL Server tables” feature.
- This feature can be abused by attackers to automatically leak the Windows user’s NTLM tokens to any attacker-controlled server, via any TCP port, such as port 80.
- The attack can be launched as long as the victim opens an .
accdb
or .mdb
file. In fact, any more-common Office file type (such as a .rtf
) can work as well - This technique …
abusing access attack attacker attackers attacks authentication feature leak malware analysis microsoft ntlm office port server sql sql server tables tcp tokens windows
More from malware.news / Malware Analysis, News and Indicators - Latest topics
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Associate Manager, BPT Infrastructure & Ops (Security Engineer)
@ SC Johnson | PHL - Makati
Cybersecurity Analyst - Project Bound
@ NextEra Energy | Jupiter, FL, US, 33478
Lead Cyber Security Operations Center (SOC) Analyst
@ State Street | Quincy, Massachusetts
Junior Information Security Coordinator (Internship)
@ Garrison Technology | London, Waterloo, England, United Kingdom
Sr. Security Engineer
@ ScienceLogic | Reston, VA