Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Pass The Hash

Published: 2010-02-25
Last Updated: 2010-02-25 00:25:54 UTC
by Chris Carboni (Version: 1)
0 comment(s)

I've always loved the offensive side of security.  Give me permission and a network to break into and I'm a happy guy.

One of my favorite techniques is the "pass the hash" attack.

Why bother spending precious time cracking a password if you can simply provide the target system what it's already expecting, a hash?

Recent tool advances make this a much easier attack to perform than it has been in the past and it is more likely than ever that attackers are using this technique on your systems.

Bashar Ewaida completed a nice Gold paper on the subject in the Sans Reading Room.

If you're not familiar with this technique, the tools that can be used or how to mitigate the attack, take a look at Bashar's paper.

 

Christopher Carboni - Handler On Duty

Keywords: hash password
0 comment(s)
Diary Archives