Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.
All content for The BlueHat Podcast is the property of Microsoft and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.
Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey
The BlueHat Podcast
40 minutes
10 months ago
Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a 40-year-old authentication protocol, outlining its vulnerabilities and the risks of relay attacks, which function as a type of man-in-the-middle exploit. They highlight Microsoft's move to a "secure by default" approach, ensuring mitigations like channel binding are enabled automatically, providing stronger protections across services like Exchange, Active Directory Certificate Services (ADCS), and LDAP.
In This Episode You Will Learn:
Steps users can take to enhance security in their environments
Why legacy protocols remain a challenge and what the future might hold
The challenges and successes of improving authentication security
Some Questions We Ask:
What is an NTLM relay attack, and how does it work?
Can you explain channel binding and its role in preventing NTLM relay attacks?
What challenges arise from modernizing authentication in complex environments?
Resources:
View George Hughey on LinkedIn
View Rohit Mothe on LinkedIn
View Wendy Zenone on LinkedIn
View Nic Fillingham on LinkedIn
Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
Afternoon Cyber Tea with Ann Johnson
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
The BlueHat Podcast
Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.
