Presentation is loading. Please wait.

Presentation is loading. Please wait.

2 User: Sue Password hash: C9DF4E… Sue’s Laptop User: Sue Password: a1b2c3 Sue’s User Session User: Sue Password hash: C9DF4E… File Server 1 2 3 Sue’s.

Published byJanice Franklin Modified over 8 years ago

Similar presentations

Presentation on theme: "2 User: Sue Password hash: C9DF4E… Sue’s Laptop User: Sue Password: a1b2c3 Sue’s User Session User: Sue Password hash: C9DF4E… File Server 1 2 3 Sue’s."— Presentation transcript:

1

2 2

3

4 User: Sue Password hash: C9DF4E… Sue’s Laptop User: Sue Password: a1b2c3 Sue’s User Session User: Sue Password hash: C9DF4E… File Server 1 2 3 Sue’s User Session 4 1.Sue enters username and password 2.PC creates Sue’s user session 3.PC proves knowledge of Sue’s hash to Server 4.Server creates a session for Sue

5 User: Fred Hash:A3 D7 Fred’s Laptop Fred’s User Session User: Fred Password hash: A3D7… Sue’s Laptop Sue’s User Session Malware User Session User: Fred Password hash: A3D7… Malware User Session User: Fred Hash: A3D7 User: Sue Hash: C9DF User: Sue Password hash: C9DF… File Server User: Sue Hash:C9 DF 1 2 3 1.Fred runs malware 2.Malware infects Sue’s laptop as Fred 3.Malware infects File Server as Sue

6

7 7 The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag. “… I wouldn’t say the vendor had AD credentials but that the internal administrators would use their AD login to access the system from inside. This would mean the sever had access to the rest of the corporate network...”

8 PsExec EULA You are not permitted to use PsExec for illegal activity.

9 User: Sue Hash: C9DF4E… Sue’s Laptop PTHDemo-DC Local Security Authority (LSASS) NTLM Digest Kerberos NTOWF: C9DF4E56A2D1… Password: a1b2c3 Ticket- Granting Ticket Service Ticket Password: a1b2c3 User: Sue 192.168.1.1 Service Ticket “Credential footprint” PTHDemo-DC

10

11

12 Sue’s Laptop Local Security Authority (LSASS) NTLM Digest Kerberos NTOWF: C9DF4E56A2D1… Password: a1b2c3 Ticket- Granting Ticket Credential Store Service Ticket NTOWF: A3D723B95DA…

13

14

15 Fred’s Laptop Security Accounts Manager User: Admin Hash:A2 DF… User: Admin Hash:A2 DF… Sue’s Laptop Security Accounts Manager User: Admin Hash:A2 DF…

16

17

18

19 Sue’s Laptop Local Security Authority (LSASS) NTLM Digest Kerberos NTOWF: C9DF4E56A2D1… Password: a1b2c3 Ticket- Granting Ticket Credential Store Service Ticket

20

21

22

23 User: Sue Pass:a1b 2c3 Fred’s Laptop Sue’s Helpdesk PC Remote Desktop Client LSASS NTLM NTOWF: C9… Digest Pass: a1b2c3 Kerberos Tick et Mimikatz Credential Store

24

25

26 Pass-the-Hash Technique Pass-the-Hash on Windows Today New Windows Mitigations: Local Account Domain Account Restricted Remote Administration Authentication Policies and Silos

27 IT admin terminal Domain Controller User: Sue Lobby kiosk User: Sue Fred Sue

28 PTHDemo Domain “Sue Lockdown” Authentication Silo Users SueFred “Sue Lockdown” Authentication Policy Ticket lifetime:4 hours Conditions: Users use Silo PCs Computers Fred-PCSue-PC Policy:“Sue Lockdown” Members: Sue; Sue- PC Silo:Su e …

29

30

31

32

33

Download ppt "2 User: Sue Password hash: C9DF4E… Sue’s Laptop User: Sue Password: a1b2c3 Sue’s User Session User: Sue Password hash: C9DF4E… File Server 1 2 3 Sue’s."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Learning to Live with an Advanced Persistent Threat

Learning to Live with an Advanced Persistent Threat
Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.

Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.
ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker.

ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.
Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.

Chapter 8 Chapter 8: Managing Accounts and Client Connectivity.
KerberSim CMPT 495 Fall 2004 Jerry Frederick. Project Goals Become familiar with Kerberos flow Create a simple Kerberos simulation.

KerberSim CMPT 495 Fall 2004 Jerry Frederick. Project Goals Become familiar with Kerberos flow Create a simple Kerberos simulation.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Chapter 3 – Creating and Managing User Accounts MIS 431 – Created Spring 2006.

Chapter 3 – Creating and Managing User Accounts MIS 431 – Created Spring 2006.
Exposing the Secrets of Windows Credential Provider Presented By: Subrat Sarkar Give me your password.

Exposing the Secrets of Windows Credential Provider Presented By: Subrat Sarkar Give me your password.
Introduction to Kerberos Kerberos and Domain Authentication.

Introduction to Kerberos Kerberos and Domain Authentication.
Penn State University College Of Education Understanding College of Education Resources.

Penn State University College Of Education Understanding College of Education Resources.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.

Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.

Similar presentations

Ads by Google