WSUS Is SUS: NTLM Relay Attacks in Plain Sight

Source provenance. Raw material catalogued for the wiki ingest pipeline. Lives offline at raw_sources/offensive-security/ingested/WSUS Is SUS_ NTLM Relay Attacks in Plain Sight.md.

Status: integrated

Excerpt

Windows Server Update Services (WSUS) is a trusted cornerstone of patch management in many environments, but its reliance on HTTP/HTTPS traffic makes it a prime target for attackers operating on the local network. By intercepting and relaying WSUS authentication flows, it’s possible to capture NTLM hashes from both user and machine accounts, turning routine update traffic into an opportunity for c…