Nytro Posted September 29, 2012 Report Posted September 29, 2012 Defcon 20 - Owned In 60 Seconds: From Network Guest To Windows Domain Admin Description: Their systems were fully patched, their security team watching, and the amateur pentesters just delivered their "compliant" report. They thought their Windows domain was secure. They thought wrong.Zack Fasel (played by none other than Angelina Jolie) brings a New Tool along with New methods to obtain Windows Integrated Authentication network requests and perform NTLM relaying both internally and externally. The Goal? Start off as a nobody and get domain admin (or sensitive data/access) in 60 seconds or less on a fully patched and typically secured windows environment. The Grand Finale? Zack demonstrates the ability to *externally* gain access to a Windows domain user's exchange account simply by sending them an email along with tips on how to prevent yourself from these attacks.In just one click of a link, one view of an email, or one wrong web request, this new toolset steals the identity of targeted users and leverages their access. Call your domain admins, hide your road warriors, and warn your internal users. Zack will change the way you think about Windows Active Directory Security and trust relationships driving you to further harden your systems and help you sleep at night. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Defcon 20 - Owned In 60 Seconds: From Network Guest To Windows Domain Admin Quote
