Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

Your Session Key Is My Session Key: How to Retrieve the Session Key for Any Authentication

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
-
Word Count
2,515
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

The blog post discusses a critical vulnerability discovered by Preempt researchers, now part of CrowdStrike, in the NTLM authentication protocol used in Active Directory environments. This vulnerability allows attackers to retrieve session keys for any authentication attempt, enabling them to establish signed sessions against servers without proper authorization. Despite the introduction of mitigations such as server signing to defend against NTLM relay attacks, the vulnerability persisted until a recent Microsoft security update. The post emphasizes the importance of patching systems, enabling server and LDAP signing, and reducing the use of NTLM to minimize risks. Additionally, it highlights that the vulnerability affects all Windows versions and provides steps to secure environments against such attacks.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 2 2,394 1,321 1 -
Zero Trust 2 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.