MVA Pass The Hash
Module 3: Windows Authentication Attacks and Forensics
Erdal Ozkaya
Hasain
Al
Module Agenda
Pass-the-Hash, replay, reflection, brute force and cracking are some of
the many techniques attackers use to gain access to systems and move
laterally. Credentials are the ultimate authentication verifiers, and an
attacker who is able to obtain and successfully present a credential to
the authentication server can assume whatever security identity is
associated with it.
Credentials and credential artifacts are stored in memory during logon
authentication. The information often remains in memory, especially during
an interactive session, so that future authentication can be done quickly
and without requiring the user to reenter the credentials. As a result,
password hashes and tickets can be found in memory during active
sessions, as well as stored permanently.
This session will demonstrate how attackers use credential dependencies
Module Agenda
The authentication landscape
Pass the Hash
Privilege Escalation
Authentication Landscape
PREVENT BREACH + ASSUME BREACH
Targeting
Phishing
Pass the Hash
Custom Malware
Application Exploit
password
Use Bing and you can do it too (on Windows 7)
Data: Servers and Applications
Access: Users and Workstations
Attack Sophistication
Attack operators exploit any weakness
Target information on any device or service
Attack Discovered
Privilege Escalation
Modern Attack T
Privilege Escalation with Credential Theft (Typical)
24-48 Hours
1. Get in with Phishing Attack (or other)
2. Steal Credentials
Demo
How attackers use credential dependencies to gain
elevated access to systems and perform lateral
movement
Summary
2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.