Category: NTLM

How to Easily Bypass EPA to Compromise any Web Server that Supports Windows Integrated Authentication

As announced in our recent security advisory, Preempt researchers discovered how to bypass the Enhanced Protection for Authentication (EPA) mechanism...
Read Now

Drop the MIC – CVE-2019-1040

As announced in our recent security advisory on CVE-2019-1040, Preempt researchers discovered how to bypass the MIC (Message Integrity Code)...
Read Now

Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication

As announced in our recent security advisory, Preempt researchers discovered a critical vulnerability that allows attackers to retrieve the session...
Read Now

Security Advisory: Critical Vulnerabilities in NTLM Allow Remote Code Execution and Cloud Resources Compromise

On June 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1040 and CVE-2019-1019, two vulnerabilities discovered by Preempt researchers. The critical...
Read Now

What State-Sponsored Attacks Can Teach Us About Conditional Access

People often think that state-sponsored attacks from groups like Lazarus (North Korea), Fancy Bear (Russia) or menuPass (China) only target...
Read Now