DETECTION OVERVIEW

NTLMv1 Authentication

Risk Factors

NTLMv1 is a challenge-response protocol that authenticates Windows systems when Kerberos is unavailable. A skilled attacker can easily intercept NTLM hashes and crack passwords offline. A successful exploit of NTLMv1 authentication can also enable an attacker to launch machine-in-the-middle (MITM) attacks or take complete control of a domain.

Kill Chain

Hardening

Risk Score

Attack Background

Mitigation Options

Restrict or disable NTLMv1 authentication and enable Kerberos for authentication
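
Restricting NTLMv1 starts with knowing which accounts still authenticate with it. The following added example (not part of the original page and not the vendor's detection logic) classifies an NTLMSSP AUTHENTICATE message by the length of its NT response, using the message layout from the MS-NLMP specification. The names `classify_authenticate` and `build_sample` are hypothetical, and the sample messages are constructed.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001

def _field(msg, pos):
    """Return the payload bytes named by the (Len, MaxLen, Offset) descriptor at pos."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field descriptor points outside the message")
    return msg[offset:offset + length]

def classify_authenticate(msg):
    """Classify an NTLMSSP AUTHENTICATE_MESSAGE (type 3) by its NT response."""
    if len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE_MESSAGE")
    flags = struct.unpack_from("<I", msg, 60)[0]
    codec = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"  # OEM codec is an assumption
    nt_response = _field(msg, 20)
    if not nt_response:
        version = "anonymous"
    elif len(nt_response) == 24:
        version = "NTLMv1"   # fixed 24-byte DES-based response
    elif len(nt_response) > 24:
        version = "NTLMv2"   # 16-byte proof followed by a variable-length blob
    else:
        raise ValueError("NT response too short")
    return {"version": version,
            "domain": _field(msg, 28).decode(codec),
            "user": _field(msg, 36).decode(codec)}

def build_sample(nt_response, user, domain):
    """Build a constructed type 3 message for testing; the responses are filler bytes."""
    parts = [b"\x00" * 24, nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), b"", b""]  # LM, NT, domain, user, workstation, key
    header, payload, offset = b"", b"", 64
    for part in parts:
        header += struct.pack("<HHI", len(part), len(part), offset)
        payload += part
        offset += len(part)
    return SIGNATURE + struct.pack("<I", 3) + header + struct.pack("<I", NEGOTIATE_UNICODE) + payload

if __name__ == "__main__":
    for resp, user in ((b"\x11" * 24, "alice"), (b"\x22" * 60, "bob")):
        print(classify_authenticate(build_sample(resp, user, "CORP")))
```

A 24-byte NT response is also what NTLMv1 with extended session security sends, so the check reports those logons as NTLMv1 as well.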

MITRE ATT&CK ID
