NTLM The Last Ride
Jim Rush, Tomais Williamson
DEF CON 32 Main Stage · Day 1 · Main Stage
In "NTLM The Last Ride" at DEF CON 32, security researchers Jim Rush and Tomais Williamson delivered a sobering assessment of the enduring vulnerability posed by **NTLM (New Technology LAN Manager)**, a legacy authentication protocol within Windows environments. Despite Microsoft's long-standing recommendations against its use and ongoing deprecation efforts, NTLM continues to be a persistent and often underestimated security risk. The talk highlighted how NTLM bugs frequently serve as critical "gateway bugs," enabling attackers to escalate privileges or gain deeper access within networks, often leading to significant bounties or impactful compromises.
AI review
Rush and Williamson delivered a brutally honest assessment of NTLM, unequivocally disproving the long-held myth of its demise. This talk serves as a critical, timely reminder that despite decades of deprecation efforts and 'feature complete' declarations, NTLM remains a pervasive and dangerous attack vector, consistently acting as a 'gateway bug' for significant compromises. Their work is a vital pushback against complacency, offering concrete evidence and actionable defensive strategies for a threat that far too many consider solved.