Def Con 23 - Gerard Laygui - Forensic Artifacts From A Pass The Hash Attack

Description: A pass the hash (PtH) attack is one of the most devastating attacks to execute on the systems in a Windows domain. Many system admins are unaware about this type of attack and the amount of damage it can do. This presentation is for the system admins that don't have a full time forensics person working with them. This presentation will help identify key windows events and explain why these events are important. The presentation will also show various free tools that can assist in examining some of the common evidence left behind. The presentation will explain and demonstrate a pass the hash attack against common windows systems in an example domain. In the end, the presentation may offer some insight into what an attacker wants and needs to use PtH to pivot in a network.



Speaker Bio:

Gerard has been in the IT industry for almost 20 years. He has held various network admin, system admin, web admin and security related positions throughout his career. He currently works for a Fortune 50 company doing compromise forensics and malware reverse engineering.



For More Information Please Visit: - https://www.defcon.org/html/defcon-23/dc-23-index.html

Tags:





Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.