Home > Uncategorized > Security News #0x68

Security News #0x68

Exploits
  • The current alpha version of mimikatz apparently now lets the attacker extract the PIN used in keberos authentication.
Learning More
  • The EMET tool is a key component of the defense of any Windows system. Ars Technica reports on a new attack by folks at Bromium Labs that bypasses EMET 4.1. If you really want to understand what is going on, you should read the original whitepaper (.pdf).
For Students
  • Understanding pass-the-hash attacks is key to understanding how attackers will move through a Windows network. If you want to learn how these work (and you do!) then take a look at Sam Bowne’s walkthrough of a pass the hash attack against Windows 8.1 and MRL’s demo of pass the hash via RDP.
  • Talking about hashes, students- you have to know the right way to implement password hashing in any application that you develop. Take a look at Crackstation for tips on the right and the wrong ways to implement salted password hashing.
Industry News
Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: