Version v0.4

other: The Legend of Windows: A Link to the Hash

Event_large

A new vector for stealing NTLM hashes - how Windows is giving out your hashes since XP.

During one of our IT security investigation we have observed an undocumented Windows feature which leaks much valued hashes from the system. No complicated exploitation is needed to play the trick we will present and it can drastically speed up owning all the users in the systems and reaching to domain administration privileges.

Info

Day: 2017-07-07
Start time: 18:10
Duration: 00:40
Room: Klapka
Track: /r/netsec

Links:

Files

Concurrent events