Skip to Content.
Sympa Menu

ad-assurance - [AD-Assurance] interesting teched sessions that overlap with our topic area

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] interesting teched sessions that overlap with our topic area


Chronological Thread 
  • From: Brian Arkills <>
  • To: "" <>
  • Subject: [AD-Assurance] interesting teched sessions that overlap with our topic area
  • Date: Thu, 9 May 2013 20:46:20 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none

I came across these two yesterday:

 

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ATC-B210

 

Pass the Hash (PtH) has become one of the most widespread attacks affecting our customers. Many of our customers have made it their top priority to address PtH. In response, Microsoft has assembled a workgroup to investigate effective and practical mitigations that could be used now as well as future platform modifications. This presentation covers the problem of credential theft and re-use, focusing on Pass-the-Hash attacks as an example, and discusses Microsoft’s recommended mitigations. The presenters are members of the Cybersecurity Services team.

 

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ATC-B301

 

Wherever and whenever you enter your password in the password field, there is at least one mechanism that must know it to use it later for the designed purpose. The common knowledge is that when we set up our password in Windows it is hashed and stored either in SAM or ntds.dit database in Active Directory. This is useful for verification purposes, but if your operating system can re-use the password it means others can decrypt it! In this intensive session, learn the encryption and decryption techniques being used nowadays in systems, networks, and applications. We look at the various technology weaknesses and try to take passwords from the places where they are used by the operating system to perform several operations. Become familiar with some unexpected places for your passwords and learn what you can do to mitigate the risk before somebody else grabs them! Session covers passwords’ internals. Have a cup of coffee before attending!

---

That Microsoft workgroup mentioned in the top one sounds like folks we'd really like to talk to, and I'm going to see if I can't hunt down the speakers.

 

I'll also try to attend these sessions in early June.

 

-B



  • [AD-Assurance] interesting teched sessions that overlap with our topic area, Brian Arkills, 05/09/2013

Archive powered by MHonArc 2.6.16.

Top of Page