Version v0.4

other: The Legend of Windows: A Link to the Hash


A new vector for stealing NTLM hashes - how Windows is giving out your hashes since XP.

During one of our IT security investigation we have observed an undocumented Windows feature which leaks much valued hashes from the system. No complicated exploitation is needed to play the trick we will present and it can drastically speed up owning all the users in the systems and reaching to domain administration privileges.


Day: 2017-07-07
Start time: 18:10
Duration: 00:40
Room: Klapka
Track: /r/netsec



Concurrent events