There are two main types of authentication methods, namely NTLM and Kerberos.
- Kerberos: default AD authentication service that authenticates users by granting tickets which can be used to access resources
- NetNTLM: default Windows authentication method that uses challenge-response authentication
Coercing NetNTLM
Although Kerberos is the default method of authentication for modern Windows systems, if an IP is used (e.g.
dir \\DC_IP\SYSVOLvsdir \\FQDN\SYSVOL), Windows is forced to use NetNTLM, which can be more stealthy if IDS is checking for pass-the-hash and overpass-the-hash attacks.