all InfoSec news
Relaying NTLM Authentication from SCCM Clients
June 30, 2022, 2:03 p.m. | Chris Thompson
Security Boulevard securityboulevard.com
tl;dr: Seriously, please disable NTLM
I recently learned that you can coerce NTLM authentication from SCCM servers using any Windows SCCM client when automatic site-wide client push installation is enabled and NTLM has not been explicitly disabled. During my research, I found out that if you have certain privileges in SCCM, you can also elicit NTLM authentication from the logged-in user or machine account of any Windows client that is online.
Tools such as SharpSCCM can be used to demonstrate …
application security authentication clients ntlm penetration testing pentest pentesting red team sccm social engineering
More from securityboulevard.com / Security Boulevard
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Security Engineer, Incident Response
@ Databricks | Remote - Netherlands
Associate Vulnerability Engineer - Mid-Atlantic region (Part-Time)
@ GuidePoint Security LLC | Remote in VA, MD, PA, NC, DE, NJ, or DC
Data Security Architect
@ Accenture Federal Services | Washington, DC
Identity Security Administrator
@ SailPoint | Pune, India