Despite its name, the "New Technology LAN Manager" (NTLM) authentication protocol is far from contemporary. While newer, more secure authentication protocols like Kerberos have taken its place in recent Windows iterations, NTLM persists, primarily for backward compatibility. Consequently, it remains present—perhaps even active—in many organizational setups. This session will illustrate the ease with which NTLMv1 and NTLMv2 hashes can be intercepted and subsequently cracked using tools such as Responder and Hashcat. More crucially, we will delve into network defense strategies and introduce an effective detection tool that spots NTLM credential harvesting, readily integrating it with your IDS alert framework.

Summit Speaker

John Cuzzola

Director of Information Security, Thompson Rivers University

John Cuzzola is the information security director for Thompson Rivers University (TRU), where he has also taught computer science courses as sessional faculty. John has co-authored 17 research papers and holds two patents as lead inventor. Before TRU, John was the information technology director for the Kamloops-Thompson School District. He holds a MSc. in Information Systems and security certifications of Certified Ethical Hacker (CEH) Master and COMPTIA PenTest+.

Summit Speaker

Taylar Masson

Senior Information Security Analyst, Thompson Rivers University

Taylar is the Senior Information Security Analyst at Thompson Rivers University. Though still early in his IT career at 7 years he has gained knowledge in all areas of technology, currently focusing on Security. The opportunity to learn from the famous Hugh Burley prior to his retirement had some influence on that. Taylar can usually be found tracking down security alerts or following up with users on their spam email.

Technology Track

Session Format
Speaker Presentation (45 minutes)