Throughout the last few entries, we’ve covered the basics of authentication coercion and relay attacks, as well as some novel real-world edge cases exploited by our team that use these techniques. This time let’s start digging into what comes after the first successful relay attack on a client’s network.
In our last entry, we covered the basics of authentication relay attacks and provided one example where these principles were used to execute a novel attack against a client environment. It should be obvious that execution of a relay attacks starts by gaining access to a set of network credentials.
What if I told you that, in many cases, the length and complexity of your password is completely irrelevant? That the constant trainings, the ever-increasing minimum length requirement and those little “password strength” meters that tell you just how Strong! your password really is, are entirely useless?