1.NTLM never sends the user's password across the network. Why is this not the same as being secure against credential theft?
2.What is the purpose of the server challenge (nonce) in the NTLM three-message exchange?
3.Why does a member server forward the NTLM response to a domain controller instead of verifying it locally?
4.An attacker captures an NTLMv2 challenge-response during an assessment. What two distinct paths does this open?
5.Why does requiring SMB signing stop relay attacks but not offline cracking attempts?
6.What is the most accurate way to explain why NTLM relay is so common in Active Directory assessments?
7.Which statement best captures the difference between NTLMv1 and NTLMv2?