Artwork

Konten disediakan oleh Black Hat and Jeff Moss. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Black Hat and Jeff Moss atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !

Daiji Sanai and Hidenobu Seki: Optimized Attack for NTLM2 Session Response (English)

51:51
 
Bagikan
 

Manage episode 155121171 series 1146743
Konten disediakan oleh Black Hat and Jeff Moss. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Black Hat and Jeff Moss atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
"Windows 2000 SP3 or later and Windows XP now use a new network logon authentication method by default, the NTLM2 Session Response. Employed by Windows 2000, this unproven authentication method is considered to reduce the vulnerability found in network LM and NTLM v1 authentication. In this session, we will describe and demonstrate our audit approach for detecting easy-to-crack passwords from packets traveling on the network in real time. This approach was developed based on our thorough investigation of the characteristics of this NTLM2 Session Response. We will also discuss the possibility of attacks being attempted against Windows XP SP2 and the differences between our approach and the famous rainbow table used for analyzing Windows passwords. Daiji Sanai, President & CEO, SecurityFriday Co., Ltd. Best known as a specialist in the field of personal information security, Daiji Sanai has a long history engaging in a wide variety of activities to address security issues associated with personal information. In 2000, he organized a network security research team, SecurityFriday.com, and has continued his technology research as a leader, focusing on intranet security. In 2001 Daiji Sanai presented ""Promiscuous Node Detection Using ARP Packets"" at the BlackHat Briefings USA in Las Vegas. In 2003, SecurityFriday Co., Ltd. was founded based on his research team, and he was named President and Chief Executive Officer. Hidenobu Seki, aka Urity works as a network security specialist at SecurityFriday Co., Ltd in Japan. He has published many tools, ScoopLM/BeatLM/GetAcct/RpcScan etc. He has been a speaker at the Black Hat Windows Security 2002, 2003 and 2004."
  continue reading

22 episode

Artwork
iconBagikan
 
Manage episode 155121171 series 1146743
Konten disediakan oleh Black Hat and Jeff Moss. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Black Hat and Jeff Moss atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
"Windows 2000 SP3 or later and Windows XP now use a new network logon authentication method by default, the NTLM2 Session Response. Employed by Windows 2000, this unproven authentication method is considered to reduce the vulnerability found in network LM and NTLM v1 authentication. In this session, we will describe and demonstrate our audit approach for detecting easy-to-crack passwords from packets traveling on the network in real time. This approach was developed based on our thorough investigation of the characteristics of this NTLM2 Session Response. We will also discuss the possibility of attacks being attempted against Windows XP SP2 and the differences between our approach and the famous rainbow table used for analyzing Windows passwords. Daiji Sanai, President & CEO, SecurityFriday Co., Ltd. Best known as a specialist in the field of personal information security, Daiji Sanai has a long history engaging in a wide variety of activities to address security issues associated with personal information. In 2000, he organized a network security research team, SecurityFriday.com, and has continued his technology research as a leader, focusing on intranet security. In 2001 Daiji Sanai presented ""Promiscuous Node Detection Using ARP Packets"" at the BlackHat Briefings USA in Las Vegas. In 2003, SecurityFriday Co., Ltd. was founded based on his research team, and he was named President and Chief Executive Officer. Hidenobu Seki, aka Urity works as a network security specialist at SecurityFriday Co., Ltd in Japan. He has published many tools, ScoopLM/BeatLM/GetAcct/RpcScan etc. He has been a speaker at the Black Hat Windows Security 2002, 2003 and 2004."
  continue reading

22 episode

Minden epizód

×
 
Loading …

Selamat datang di Player FM!

Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.

 

Panduan Referensi Cepat