ssrf, webappsec, xss, ntlm, responder — 18 December 2017

Leveraging web application vulnerabilities to steal NTLM hashes

Introduction

NTLM authentication is the de facto standard in corporate networks running Windows. There is a plethora of well-understood local attacks that take advantage of the way Windows performs automatic NTLM authentication, and abusing this feature is undoubtedly on the playbook...