You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
coercion techniques
About this tag
Coercion techniques in Windows environments refer to methods attackers use to force authentication from high-value targets like domain controllers, enabling lateral movement and privilege escalation. Despite security improvements, NTLM relay and authentication coercion attacks remain prevalent in 2025, often exploiting default configurations. These techniques allow low-privileged accounts to escalate to domain dominance. Defending against coercion requires enforcing mitigations such as SMB signing, Extended Protection for Authentication, and disabling NTLM where possible. This tag covers the evolving threat landscape, attack vectors, and practical defenses for enterprise Active Directory environments.
NTLM relay attacks, once thought to be a relic of the past, have re-emerged as a significant threat in modern Active Directory environments. Despite years of research and incremental security improvements, most enterprise domains remain susceptible to these attacks, creating wide-reaching risks...
Few developments in enterprise cybersecurity have proved as persistent—and as adaptive—as Windows authentication coercion attacks. Despite years of steady security investments by Microsoft and mounting awareness within the IT community, these sophisticated offensive techniques continue to...
Authentication coercion attacks have emerged as a formidable and evolving threat to enterprise networks leveraging Windows infrastructure. Despite significant advances in native Microsoft security controls, even low-privileged domain accounts can still exercise a range of techniques to force...