NTLM reflection is dead, long live NTLM reflection! – An in-depth
NTLM reflection, a vulnerability in which authentication is relayed back to the originating machine, was thought to be fixed. However, a recent discovery shows that Kerberos reflection is not restricted, which allows the mitigations to be bypassed. The vulnerability occurs when the target name is considered to be localhost, which triggers NTLM local authentication and enables privileged access.