Bypass NTLM Message Integrity Check – Drop the MIC
ID: 5c042d91-73f9-56df-bd71-450c379b92a4
STIX ID: report--5c042d91-73f9-56df-bd71-450c379b92a4
Feed Name: Black Hills Infosec Blog
This technical write-up demonstrates how an attacker can exploit CVE-2019-1040 ("Drop the MIC") to strip the NTLM Message Integrity Code from an SMB authentication and relay it to LDAPS, where it is used to create a domain computer account under the default machine account quota, and then to escalate to Domain Admin by creating delegation-enabled computer objects and requesting service tickets for them. It includes step-by-step commands (ntlmrelayx, Responder, Coercer, Impacket getST) and defensive recommendations: enable SMB signing, disable LLMNR, NetBIOS and NTLM where possible, and patch affected systems.
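To make the integrity-check gap concrete, here is an added example that models the MIC on an NTLM AUTHENTICATE_MESSAGE and what "dropping" it does; it is not code from the Black Hills post or from ntlmrelayx. Field layouts follow MS-NLMP, but the negotiate/challenge messages, the exported session key and the `server_accepts()` policy (verify a MIC only when one appears to be present; the patched variant also honours the MsvAvFlags bit inside the NTLMv2 response) are constructed assumptions that model pre- and post-patch behaviour, not Windows code. The signing-flag downgrade the real tool also performs is not modelled.

```python
"""Model of "Drop the MIC" (CVE-2019-1040) on an NTLM AUTHENTICATE_MESSAGE.
Added example, not code from the Black Hills post.  Layouts follow MS-NLMP;
server_accepts() is an assumed model of the pre-/post-patch check."""
import hashlib
import hmac
import struct

NTLMSSP_NEGOTIATE_SIGN = 0x00000010
NTLMSSP_NEGOTIATE_VERSION = 0x02000000
MSV_AV_FLAGS = 0x0006
MSV_AV_EOL = 0x0000
AV_FLAG_MIC_PRESENT = 0x00000002  # MsvAvFlags bit: "a MIC is in the AUTHENTICATE message"
FLAGS_OFFSET = 60  # Signature(8) + MessageType(4) + six 8-byte field descriptors
MIC_OFFSET = 72    # ... + NegotiateFlags(4) + Version(8)
HEADER_LEN = 88    # ... + MIC(16); payload starts here

# Constructed sample messages and key (assumptions, not real captures).
NEGOTIATE_MSG = (b"NTLMSSP\x00" + struct.pack("<I", 1)
                 + struct.pack("<I", NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_VERSION) + b"\x00" * 24)
CHALLENGE_MSG = (b"NTLMSSP\x00" + struct.pack("<I", 2) + b"\x00" * 8
                 + struct.pack("<I", NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_VERSION)
                 + b"\x22" * 8 + b"\x00" * 24)
EXPORTED_SESSION_KEY = bytes(range(16))


def av_pairs(av_flags):
    """MsvAvFlags pair followed by the MsvAvEOL terminator."""
    return struct.pack("<HHI", MSV_AV_FLAGS, 4, av_flags) + struct.pack("<HH", MSV_AV_EOL, 0)


def build_ntlmv2_response(av):
    # NTProofStr(16) + RespType/HiRespType/Reserved1(4) + Reserved2(4)
    # + TimeStamp(8) + ChallengeFromClient(8) + Reserved3(4) + AvPairs
    return b"\xaa" * 16 + b"\x01\x01\x00\x00" + b"\x00" * 4 + b"\x00" * 8 + b"\xcc" * 8 + b"\x00" * 4 + av


def build_authenticate(flags, nt_response, domain=b"D\x00", user=b"U\x00"):
    payload, fields = b"", b""
    # Descriptor order per MS-NLMP: LM, NT, DomainName, UserName, Workstation, EncryptedRandomSessionKey
    for blob in (b"", nt_response, domain, user, b"", b""):
        fields += struct.pack("<HHI", len(blob), len(blob), HEADER_LEN + len(payload))
        payload += blob
    return (b"NTLMSSP\x00" + struct.pack("<I", 3) + fields + struct.pack("<I", flags)
            + b"\x00" * 8 + b"\x00" * 16 + payload)


def get_flags(auth):
    return struct.unpack_from("<I", auth, FLAGS_OFFSET)[0]


def set_flags(auth, flags):
    return auth[:FLAGS_OFFSET] + struct.pack("<I", flags) + auth[FLAGS_OFFSET + 4:]


def set_mic(auth, mic):
    return auth[:MIC_OFFSET] + mic + auth[MIC_OFFSET + 16:]


def compute_mic(key, negotiate, challenge, auth):
    """MIC = HMAC_MD5(ExportedSessionKey, NEGOTIATE || CHALLENGE || AUTHENTICATE with MIC zeroed)."""
    return hmac.new(key, negotiate + challenge + set_mic(auth, b"\x00" * 16), hashlib.md5).digest()


def get_av_flags(auth):
    """Walk the AV_PAIR list in the NTLMv2 response.  NTProofStr covers it, so a relay cannot edit it."""
    length, _, offset = struct.unpack_from("<HHI", auth, 20)  # NtChallengeResponseFields
    pos, end = offset + 16 + 28, offset + length                 # skip NTProofStr + fixed client-challenge header
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", auth, pos)
        pos += 4
        if av_id == MSV_AV_EOL:
            break
        if av_id == MSV_AV_FLAGS:
            return struct.unpack_from("<I", auth, pos)[0]
        pos += av_len
    return 0


def drop_mic(auth):
    """Relay-side edit: zero the MIC and clear NEGOTIATE_VERSION so the target
    treats the message as one that never carried a MIC."""
    return set_mic(set_flags(auth, get_flags(auth) & ~NTLMSSP_NEGOTIATE_VERSION), b"\x00" * 16)


def server_accepts(auth, key, negotiate, challenge, patched):
    """Assumed target policy.  Unpatched: verify a MIC only when one looks present.
    Patched: also refuse when the signed MsvAvFlags promise a MIC that is missing."""
    mic = auth[MIC_OFFSET:MIC_OFFSET + 16]
    looks_present = bool(get_flags(auth) & NTLMSSP_NEGOTIATE_VERSION) and mic != b"\x00" * 16
    if looks_present:
        return hmac.compare_digest(mic, compute_mic(key, negotiate, challenge, auth))
    if patched and get_av_flags(auth) & AV_FLAG_MIC_PRESENT:
        return False  # client committed to a MIC inside the NTLMv2 blob; someone stripped it
    return True       # the CVE-2019-1040 gap: no MIC, no integrity check


def demo():
    """Honest client message, a flag-tampered copy, and the same message after a relay drops the MIC."""
    auth = build_authenticate(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_VERSION,
                              build_ntlmv2_response(av_pairs(AV_FLAG_MIC_PRESENT)))
    auth = set_mic(auth, compute_mic(EXPORTED_SESSION_KEY, NEGOTIATE_MSG, CHALLENGE_MSG, auth))
    args = (EXPORTED_SESSION_KEY, NEGOTIATE_MSG, CHALLENGE_MSG)
    tampered = set_flags(auth, get_flags(auth) & ~NTLMSSP_NEGOTIATE_SIGN)  # edit but keep the MIC
    stripped = drop_mic(auth)
    return {
        "honest_unpatched": server_accepts(auth, *args, patched=False),
        "honest_patched": server_accepts(auth, *args, patched=True),
        "tampered_unpatched": server_accepts(tampered, *args, patched=False),
        "stripped_unpatched": server_accepts(stripped, *args, patched=False),
        "stripped_patched": server_accepts(stripped, *args, patched=True),
    }
```

Running `demo()` shows the asymmetry the attack relies on: editing a message while leaving the MIC in place is caught even by the unpatched policy, but removing the MIC together with the version flag sails through it, and only the patched policy, which trusts the MsvAvFlags bit protected by NTProofStr rather than the unprotected header, rejects the stripped message.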
