home.social

#ntlm — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ntlm, aggregated by home.social.

  1. Responder Tool for Network Credential Capture in Active Directory

    In this article, I cover how Responder works, common credential capture techniques, and practical mitigation strategies for defending Active Directory environments.

    denizhalil.com/2026/05/18/resp

    #CyberSecurity #ActiveDirectory #Responder #LLMNR #NTLM #CredentialCapture #RedTeam #BlueTeam #Pentesting #WindowsSecurity #InfoSec #EthicalHacking #DenizHalil

  2. Responder Tool for Network Credential Capture in Active Directory

    In this article, I cover how Responder works, common credential capture techniques, and practical mitigation strategies for defending Active Directory environments.

    denizhalil.com/2026/05/18/resp

    #CyberSecurity #ActiveDirectory #Responder #LLMNR #NTLM #CredentialCapture #RedTeam #BlueTeam #Pentesting #WindowsSecurity #InfoSec #EthicalHacking #DenizHalil

  3. Responder Tool for Network Credential Capture in Active Directory

    In this article, I cover how Responder works, common credential capture techniques, and practical mitigation strategies for defending Active Directory environments.

    denizhalil.com/2026/05/18/resp

    #CyberSecurity #ActiveDirectory #Responder #LLMNR #NTLM #CredentialCapture #RedTeam #BlueTeam #Pentesting #WindowsSecurity #InfoSec #EthicalHacking #DenizHalil

  4. ----------------

    🔎 AI: Integrating LLMs into Offensive Security Workflows

    Summary

    This blog outlines practical integration of large language models into offensive security engagements. Authors describe improving public proof‑of‑concept Model Context Protocol (MCP) servers for BloodHound and Burp Suite to support real‑world testing, and present LLM CLI usage patterns that enable agentic execution across reconnaissance, data enrichment, attack chaining, and reporting.

    Technical specifics
    • MCP servers: Existing MCP server projects for BloodHound and Burp Suite were adapted to work in offensive engagements, enabling LLMs to fetch, query, and reason over structured data such as Active Directory graphs and proxied web traffic.
    • LLM CLI agents: Modern CLIs (examples cited include Gemini CLI, Claude Code, and OpenAI’s Codex) shift models from single‑shot responders to autonomous operators capable of chaining actions: run a tool, parse output, decide next steps, and continue until objectives are met.
    • Example capabilities: An LLM connected to an AD graph via a MCP server can rapidly enumerate privilege escalation paths that would otherwise require hours of manual review. When paired with Burp Suite MCP, LLMs can correlate requests/responses across sessions to accelerate vulnerability triage. The authors also describe an NTLM relaying Gemini extension that demonstrates chaining of attack steps.

    Operational characteristics
    • Scope of access: An LLM CLI can operate on any tool or artifact the host environment exposes—OS utilities, custom scripts, open‑source offensive tooling, and locally hosted services—then interpret outputs to guide successive actions.
    • Agentic execution model: Gemini’s agentic design emphasizes iterative, feedback‑driven workflows where the model determines subsequent commands based on intermediate results rather than relying on a single prompt.

    What was demonstrated
    • Improved MCP integrations for BloodHound and Burp Suite adapted from public proof‑of‑concept servers.
    • A proof‑of‑concept Gemini extension automating NTLM relay orchestration.
    • Use cases spanning AD privilege path identification, web traffic correlation, automated triage, and multi‑step attack choreography.

    Limitations & considerations (as presented)
    • The writeup focuses on capabilities and demonstrated integrations; implementation specifics and environmental constraints are described at a conceptual level. The examples show how LLMs can reduce manual effort and expand coverage when granted appropriate tool access.

    🔹 llm #mcp #bloodhound #burpsuite #ntlm

    🔗 Source: armadin.com/blog-posts/automat

  5. I wrote a quick #blogpost on #ntlm authentication with #sqlmap using #burpsuite proxy.

    bbence.me/blog/2025-03-09_ntlm

    I did this as a workaround, since the `python-ntlm` package that SQLMap wants still uses Python 2's syntax for some reason and SQLMap does not like that.

    #pentesting #sqli #blog #security

  6. Need to convert a #wordlist to #hash? Meet #hashgen, the blazingly fast hash generator. Currently supports 18+ modes such as #md5, #sha, #ntlm, #crc, #base64 encode/decode, and converting $HEX[] to #plaintext.
    Cross-compilable for Linux, Windows and Mac.
    forum.hashpwn.net/post/89
    #hashpwn #hashcracking #hashcat #hex