Coercing NTLM Authentication from SCCM
April 13, 2022, 2:06 p.m. | Chris Thompson
Security Boulevard securityboulevard.com
tl;dr: Disable NTLM for Client Push Installation
When SCCM automatic site assignment and automatic client push installation are enabled, and PKI certificates aren’t required for client authentication, it’s possible to coerce NTLM authentication from the management point’s installation and machine accounts to an arbitrary NetBIOS name, FQDN, or IP address, allowing the credentials to be relayed or cracked. This can be done using a low-privileged account on any Windows SCCM client.
Client push installation accounts require local admin privileges to …