Despite its name, the "New Technology LAN Manager" (NTLM) authentication protocol is far from contemporary. While newer, more secure authentication protocols like Kerberos have taken its place in recent Windows iterations, NTLM persists, primarily for backward compatibility. Consequently, it remains present—perhaps even active—in many organizational setups. This session will illustrate the ease with which NTLMv1 and NTLMv2 hashes can be intercepted and subsequently cracked using tools such as Responder and Hashcat. More crucially, we will delve into network defense strategies and introduce an effective detection tool that spots NTLM credential harvesting, readily integrating it with your IDS alert framework.

Summit Speaker

John Cuzzola

Director of Information Security, Thompson Rivers University

John Cuzzola is the information security director for Thompson Rivers University (TRU), where he has also taught computer science courses as sessional faculty. John has co-authored 17 research papers and holds two patents as lead inventor. Before TRU, John was the information technology director for the Kamloops-Thompson School District. He holds a MSc. in Information Systems and security certifications of Certified Ethical Hacker (CEH) Master and COMPTIA PenTest+.

Summit Speaker

Taylar Masson

Senior Information Security Analyst, Thompson Rivers University

Taylar is the Senior Information Security Analyst at Thompson Rivers University. He has always had an interest in finding how to fix and protect things, usually by breaking them first. Though Blue Team work makes up the majority of his job, he has a strong interest in Red Team activities, and now holds CEH certification to show for it.

He is always happy to share what he has learned, and is always wanting to keep up with the latest technology.

Technology Track

Session Format
Speaker Presentation (45 minutes)