Skip to Content.
Sympa Menu

ad-assurance - [AD-Assurance] RE: interesting teched sessions that overlap with our topic area

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: interesting teched sessions that overlap with our topic area

Chronological Thread 
  • From: "Capehart,Jeffrey D" <>
  • To: "" <>
  • Subject: [AD-Assurance] RE: interesting teched sessions that overlap with our topic area
  • Date: Thu, 6 Jun 2013 13:40:02 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=neutral (message not signed) header.i=none

The recording for the first session is now available online.  Time is 80 minutes.


The second program is today, so it may take 24-48 hours for it to be posted.

-Jeff C.


From: [mailto:] On Behalf Of Brian Arkills
Sent: Thursday, May 09, 2013 4:46 PM
Subject: [AD-Assurance] interesting teched sessions that overlap with our topic area


I came across these two yesterday:


Pass the Hash (PtH) has become one of the most widespread attacks affecting our customers. Many of our customers have made it their top priority to address PtH. In response, Microsoft has assembled a workgroup to investigate effective and practical mitigations that could be used now as well as future platform modifications. This presentation covers the problem of credential theft and re-use, focusing on Pass-the-Hash attacks as an example, and discusses Microsoft’s recommended mitigations. The presenters are members of the Cybersecurity Services team.


Wherever and whenever you enter your password in the password field, there is at least one mechanism that must know it to use it later for the designed purpose. The common knowledge is that when we set up our password in Windows it is hashed and stored either in SAM or ntds.dit database in Active Directory. This is useful for verification purposes, but if your operating system can re-use the password it means others can decrypt it! In this intensive session, learn the encryption and decryption techniques being used nowadays in systems, networks, and applications. We look at the various technology weaknesses and try to take passwords from the places where they are used by the operating system to perform several operations. Become familiar with some unexpected places for your passwords and learn what you can do to mitigate the risk before somebody else grabs them! Session covers passwords’ internals. Have a cup of coffee before attending!


That Microsoft workgroup mentioned in the top one sounds like folks we'd really like to talk to, and I'm going to see if I can't hunt down the speakers.


I'll also try to attend these sessions in early June.



Archive powered by MHonArc 2.6.16.

Top of Page