Tag: NTLM Relay
-

Ghost in the Browser: Hijacking Authenticated Sessions via NTLM Relay with ghostsurf
ghostsurf: NTLM HTTP relay tool with SOCKS proxy for browser session hijacking. Capture NTLM auth, relay to HTTP/HTTPS targets, then browse as the victim through a SOCKS proxy. This works even when cookie replay doesn’t. Features: Browser Session Hijacking: SOCKS5 proxy lets you browse as the relayed user. Auto Session Selection: Single session auto-selects; multiple…
-

The Phantom Attack: A New NTLM Relay Method Evades EDR to Hijack Networks
Logan Goins, a researcher at SpecterOps, has unveiled a novel technique for exploiting NTLM authentication that enables adversaries to bypass low-level access restrictions in corporate networks and offload tool execution from an infected workstation. The essence of the method lies not in stealing passwords or hashes, but in hijacking the context of the current user…
-

Total Takeover: The Attack That Seizes Your Active Directory With Default Settings
Researchers at Resecurity have drawn attention to an exceptionally dangerous attack that enables adversaries to seize full control over an organization’s Active Directory domain infrastructure—all while exploiting default Windows configurations. The technique combines MITM6, which injects a rogue IPv6 configuration, with NTLM Relay, where intercepted credentials are relayed to targeted services. This synergy effectively transforms…