[event]Windows Security – Atacuri de tip Pass-the-Hash

[m1dst1k]

De?i atacurile de tip Pass-the-Hash (PtH) exist? de mai bine de 15 ani, sunt pu?in cunoscute de profesioni?tii IT. În aceast? sesiune dorim s? oferim cât mai multe informa?ii despre aceste atacuri ?i s? discut?m tehnicile de mitigare disponibile

Speaker: Tudor Damian, Microsoft Virtual Machine MVP

Inregistrare aici:

https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032590340&Culture=RO-RO&community=0

//inca unul

Vrei sa afli ce mai e nou in lumea IoT?

"Internet of Things: show and tell" va avea loc pe 25 iunie 2014 la Connect Hub, Bulevardul Dacia nr. 99, Bucuresti. Ne vom intalni si vom discuta despre cele mai recente proiecte IoT care isi pregatesc iesirea pe piata, despre hardware dar si despre cele mai noi trenduri in domeniu.

Detalii aici:

https://www.eventbrite.com/e/internet-of-things-show-and-tell-tickets-11994809799

Edited June 18, 2014 by m1dst1k

[LichValue]

Citez de pe wikipedia:

In cryptanalysis and computer security, pass the hash is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case.

After an attacker obtains a valid user name and user password hashes values (somehow, using different methods and tools), he or she is then able to use that information to authenticate to a remote server/service using LM or NTLM authentication without the need to brute-force the hashes to obtain the cleartext password (as it was required before this technique was published). The attack exploits an implementation weakness in the authentication protocol in that the password hashes are not salted, and therefore remain static from session to session until the password is next changed.

Adica, mai pentru incepatori, nu iti trebuie parola in plain text, ci doar username-ul si hash-ul parolei asociate usernameului, iar prin diferite metode te poti loga in acest fel.