BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2022//talk//NEYFDV
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2022-NEYFDV@cfp.pass-the-salt.org
DTSTART;TZID=CET:20220706T145500
DTEND;TZID=CET:20220706T151500
DESCRIPTION:Have you ever come across a website that used NTLM-based authen
 tication\, and you just could not authenticate with your browser nor BurpS
 uite even though you knew your credentials were correct? NTLM Extended Pro
 tection for Authentication (EPA) might be the culprit... Indeed\, Firefox\
 , among others\, does not support the NTLM EPA mechanism and fails to auth
 enticate.\n\nThis new protection was implemented to prevent relay attacks 
 on webservers. With the rise of the powerful attack chain that involves AD
 CS\, Petit Potam and NTLM relay\, this protection has proven to be very us
 eful!\n\nWhat can we do then?! How are we going to use all our favorite to
 ols? By creating a proxy of course! This implied multiple problematics\, s
 uch as TLS interception\, HTTP parsing\, NTLM authentication\, EPA impleme
 ntation\, and so on.
DTSTAMP:20260610T033924Z
LOCATION:Amphitheater
SUMMARY:Dissecting NTLM EPA & building a MitM proxy - Pierre Milioni
URL:https://cfp.pass-the-salt.org/pts2022/talk/NEYFDV/
END:VEVENT
END:VCALENDAR