
Windows Authentication and Attacks 101 – Notes

Authentication 101

A good authentication process depends on two things:

  • Authentication Protocol and,
  • Authentication mechanism.

The authentication mechanism can be your user ID and password, a smart card, etc. In a Windows environment it’s usually your username and password.

The first three protocols (LM, NTLM and NTLMv2) are also referred to as the NTLM family of protocols.

And two Password hashing techniques

  • LM Hash
  • NTLM Hash

There are 4 Authentication Protocols
There are two password hashing algorithms.

NT and NTLM protocols are weak and deprecated.

NTLMv2 is “secure” but Kerberos is preferred.

Kerberos is used in a domain environment; however, NTLMv2 is still active.

Password Storage

Some might disagree and argue that Windows keeps clear-text passwords in main memory. They are not wrong: in certain edge cases, listed below, Windows keeps clear-text passwords in main memory:

Source: https://medium.com/@browninfosecguy/windows-authentication-and-attacks-101-part-a-dbe757f2f436
