BSidesVienna 0x7EA

NTLM-Relaying in Practice
06-27, 09:30–11:30 (Europe/Vienna), Kleiner Saal (Workshops Track)

In a lab environment, we will run hands-on sessions on NTLM-Relaying and show common protection mechanisms that are effective against these kinds of attacks, so the workshop should be interesting for sysadmins and pentesters alike.
It ties into our talk about modern NTLM-Relaying methods and lets participants try out the attacks in a simulated environment provided by us.


In a Windows Active Directory environment, minor misconfigurations can lead to total domain compromise. This hands-on workshop dives into NTLM-Relaying attacks and explores exactly what happens when critical defenses like SMB signing and LDAP signing are left disabled, and how NTLM-Relaying can still be abused even with these mechanisms enabled.

Through practical, real-world demonstrations, participants will learn:

  • How attackers intercept and abuse NTLM authentication
  • Lateral movement and privilege escalation scenarios caused by missing mitigations
  • Step-by-step blueprints to effectively secure your AD environment against these threats

By the end of this session, you will not only understand how attackers exploit NTLM-Relaying but also how to shut them down.

To attend this workshop, participants will need a laptop with an installed SSH client.

My fascination with complex systems began early on - with hacking computer games. While studying computer science at the University of Innsbruck, I discovered the Austrian Cyber Security Challenge, a capture-the-flag competition that promotes IT security talents in Austria.

My successful participation in this competition opened my way into professional IT security at the end of 2017. Since then, I have been pursuing my passion as a penetration tester. I have specialized in the field of red teaming and attack simulations through numerous further education and training courses - a field that continues to fascinate me.

I am currently deepening my knowledge in the areas of internal infrastructures and malware development. This enables me not only to increase the precision of our penetration tests, but also to implement techniques such as lateral movement, local privilege escalation and full domain compromise in red team engagements even more effectively.

I have been passionate about ethical hacking and cyber security for as long as I can remember.

I currently have more than eight years of experience in Red Teaming and Penetration Testing and am a winner of multiple Austrian (and European) Cyber Security Challenge CTFs.

While I was still studying computer science at Graz University of Technology, I dedicated myself to Penetration Testing and have been working in this industry continuously since summer 2017.

I am proud to also be part of the Pentesting 101 Master's lecture at the ISEC Institute at TU Graz.

My current focus lies on cloud environments and infrastructure, improving Red Team engagements by leveraging cloud-native technologies and tools for initial access, lateral movement and data exfiltration.