cybersecurity
education
€ EUR
  • $ USD
  • € EUR

CQURE Hacks #68: NTLM Relay Attacks Explained and Why It’s Time to Phase Out NTLM

Hacks 68 - NTLM Relay Attacks Explained and Why It’s Time to Phase Out NTLM

We begin on the Domain Controller, where the Group Policy setting “Network security: Restrict NTLM: NTLM authentication in this domain” is initially set to Disabled. This allows NTLM-based authentication to proceed – opening the door for potential relay attacks. On the attacker machine (running Kali Linux), the Responder and Impacket’s ntlmrelayx tools are launched. Once […]

CQURE Hacks #67 ARP Spoofing + SMB Sniffing: Stealing Files from the Network

Setting up the Attack  We start with three machines:  On Kali, we enable packet forwarding and run the arpspoof tool to trick both the client and the domain controller into believing that Kali is the other host. This successfully poisons the ARP cache, redirecting their communication through our machine.  Sniffing ICMP Traffic  With ARP spoofing […]

CQURE HACKS #66 Hiding and Modifying Windows Services with Service Control

Hiding and Modifying Windows Services with Service Control

Understanding Hidden Services  Let’s learn how to hide and uncover a service. This is a very important technique for post-incident investigation, as manipulating a service’s security descriptor can be a powerful method for persistence.  There’s no direct mechanism to hide a service in Windows, but we can manipulate the Security Descriptor Definition Language (SDDL).  We […]

CQURE HACKS #65 NTLM reflection SMB flaw – CVE-2025-33073: From zero to Domain Admin

The threat is real – legitimate users can engineer malicious programs that deceive target systems into establishing authentication with a fake SMB server. This exploitation method delivers maximum system authority to attackers, granting them comprehensive dominance over the infiltrated machine. So, let’s see how granting this access looks like in practice. Before attempting exploitation, two […]

Hacks Weekly #63 – Attacking LSASS memory through VM snapshot

By leveraging snapshots, attackers can bypass security mechanisms and extract passwords or access tokens, allowing privilege escalation across the entire network.  Watch the video above to find out how hackers can lay their hands on passwords by taking a snapshot of the running VM along with the memory and downloading the snapshot memory status files, […]

Hacks Weekly #62 – Bypassing Windows Mark of the Web Protection

How can the Windows Mark-of-the-Web Protection be bypassed? 🦝 Amr Thabet, Malware Researcher & Incident Handler, presented some of the scenarios in episode 62 of our #HacksWeekly series! Windows Mark-of-the-Web Protection is just the first layer of protection. The problems start when users use 7-ZIP or delete the specific version of the file and download […]

Hacks Weekly #61 – Man in the middle with MITM6 and NTLMRelay

What is MITM6?  MITM6 is an advanced penetration testing tool that exploits default Windows DNS configurations to facilitate man-in-the-middle (MITM) attacks. It targets mainly networks where IPv6 is enabled but not actively used. By responding to DHCPv6 messages, MITM6 can redirect traffic from vulnerable Windows machines to an attacker’s system. These redirections take place because […]

BLACK HAT EUROPE 2024!

We’re happy to share that the 2024 edition is also taking place with our involvement!  And we have to admit, this year’s agenda looks promising. As always, we’re ready to share only the most relevant skills, thoroughly tested during real-life scenarios.  System Forensics, Incident Handling and Threat Hunting  On December 9, you’ll have the opportunity […]

Get a Sneak Peek into the Advanced Windows Security Course!

Over the years, the Advanced Windows Security Course has amassed hundreds of satisfied students, building a supportive community of cybersecurity enthusiasts and rising talents. We repeat it yearly, each time brainstorming to deliver the freshest techniques for combating cyber threats. As a result, the formula just keeps getting better.  At CQURE Academy, our Experts consolidate […]

How can we help you?

Suggested searches

    Search history

      Popular searches:

      Not sure what course to look for?

      Mobile Newsletter Form