
DETECTION OVERVIEW

Unusual NTLMv1 Authentication

Risk Factors

NTLMv1 is a challenge-response authentication protocol for authenticating Windows systems when Kerberos is unavailable. NTLMv1 has vulnerabilities that can enable an attacker to collect NTLM hashes or launch machine-in-the-middle (MITM) attacks.
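One way to tell NTLMv1 from NTLMv2 on the wire is the size of the NT response in the NTLMSSP AUTHENTICATE message: NTLMv1 responses are always 24 bytes, NTLMv2 responses are longer. The sketch below is an added example, not RevealX's detection logic; the function names are hypothetical and the sample messages are constructed for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE = 3                                  # NTLMSSP message type 3
NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000   # NTLMv1 with client challenge


def classify_ntlm_authenticate(msg: bytes) -> str:
    """Classify an NTLMSSP AUTHENTICATE message by its NT response length."""
    if len(msg) < 64 or not msg.startswith(SIGNATURE):
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != AUTHENTICATE:
        raise ValueError("not an AUTHENTICATE message")
    # NtChallengeResponseFields at offset 20: length, max length, buffer offset.
    nt_len, _nt_max, nt_off = struct.unpack_from("<HHI", msg, 20)
    (flags,) = struct.unpack_from("<I", msg, 60)
    if nt_off + nt_len > len(msg):
        raise ValueError("NT response runs past end of message")
    if nt_len == 0:
        return "anonymous"
    if nt_len == 24:
        # Same 24-byte DES-based response either way; the flag only marks
        # that a client challenge was mixed in. Both count as NTLMv1.
        if flags & NEGOTIATE_EXTENDED_SESSIONSECURITY:
            return "NTLMv1-ESS"
        return "NTLMv1"
    if nt_len > 24:
        return "NTLMv2"   # 16-byte proof followed by a variable-length blob
    return "unknown"


def build_sample(lm: bytes, nt: bytes, flags: int) -> bytes:
    """Constructed message: only the LM and NT response fields are populated."""
    fields, offset = b"", 64
    # Order: LM, NT, domain, user, workstation, session key.
    for blob in (lm, nt, b"", b"", b"", b""):
        fields += struct.pack("<HHI", len(blob), len(blob), offset)
        offset += len(blob)
    header = SIGNATURE + struct.pack("<I", AUTHENTICATE) + fields
    return header + struct.pack("<I", flags) + lm + nt


if __name__ == "__main__":
    samples = {
        "legacy client": build_sample(b"\x11" * 24, b"\x22" * 24, 0),
        "modern client": build_sample(b"\x00" * 24, b"\x33" * 48, 0),
    }
    for name, raw in samples.items():
        print(name, "->", classify_ntlm_authenticate(raw))
```
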

The system might change the risk score for this detection.

Kill Chain

Caution

Risk Score

37


Attack Background

N/A

Mitigation Options

Restrict or disable NTLM authentication and enable Kerberos for authentication.

MITRE ATT&CK ID
