Relay Attack
Also known as: Authentication relay
Definition
An attack that forwards an authentication exchange in real time between two parties, so the attacker is authenticated without ever knowing the credentials.
Examples
- NTLM relay: a relay tool such as ntlmrelayx, combined with coercion techniques (PetitPotam, PrinterBug) that force Domain Controllers to authenticate to the relay.
- Car-key relay attack: one radio is placed near the keys inside the house and another near the parked car, relaying the signal between them so the car unlocks and starts.
Related terms
Replay Attack
An attack that captures legitimate network traffic — typically authentication tokens or transactions — and retransmits it later to impersonate the original sender.
Man-in-the-Middle Attack
An attack in which an adversary secretly relays or alters communications between two parties who believe they are talking directly to each other.
NTLM Authentication
A legacy Windows challenge-response authentication protocol that proves a user's identity from a stored password hash, now considered weak by modern standards.
Mutual TLS (mTLS)
An extension of TLS in which both the client and the server present X.509 certificates so that each side cryptographically authenticates the other.
Kerberos
A ticket-based network authentication protocol that uses symmetric cryptography and a trusted Key Distribution Center to enable secure single sign-on across services.
Session Hijacking
An attack that takes over a victim's authenticated session by stealing or forging the session identifier so the attacker can act as the user without their credentials.