NTLM Vulnerability Scanner

What is NTLM Vulnerability?

NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. However, NTLM has several known vulnerabilities that can be exploited by attackers, including NTLM relay attacks, where an attacker can capture and relay authentication credentials to gain unauthorized access.

This scanner helps you identify systems in your network that might be vulnerable to NTLM relay attacks and other NTLM-related security issues.

How to Mitigate NTLM Vulnerabilities

• Enable SMB Signing on all systems
• Implement Extended Protection for Authentication (EPA)
• Use Kerberos instead of NTLM where possible
• Enable Channel Binding for NTLM
• Restrict NTLM authentication in your domain
• Keep systems updated with the latest security patches