NTLM Relay to Exchange

05.06.2024 ยท dadevel

Microsoft Exchange Web Services (EWS) can be used as NTLM Relay Sink over HTTP.

Since February 2024 Extended Protection for Authentication aka Channel Binding is enabled by default on Exchange servers (source), but this requires an end-to-end TLS connection from the client to the server. If a load balancer or reverse proxy is present, it must use exactly the same certificate as the Exchange server (source).

Untested tools: