Deep dive into Windows relaying attacks
2023-09-08, 14:25–15:10 (Europe/Berlin), Tesla

Windows relaying attacks have been around for ages - yet, we have still to see a company where such attacks do not work.

In this presentation we will dive into NTLM and Kerberos, talk about how relaying works (and why), show some real world examples and discuss why it's so difficult to prevent these attacks.
We will dissect SMB/NTLM authentication as well as some secure channel sessions Windows use to verify credentials, and we'll throw some crypto here and there - but we'll make sure that everyone can follow this!

Bojan is the Chief Technical Officer in INFIGO IS, a Croatian information security company. He leads INFIGO's offensive team, which is full of amazing researchers and one of the biggest in the region.
Besides this, Bojan is also a SANS certified instructor. He teaches the SEC542 (Web application penetration testing and ethical hacking) course, which he also co-authored.
Finally, he is a senior SANS Internet Storm Center handler, where he tries to regularly analyze new attacks and post (hopefully) interesting information about them.