ad-assurance - [AD-Assurance] RE: interesting teched sessions that overlap with our topic area
Subject: Meeting the InCommon Assurance profile criteria using Active Directory
List archive
[AD-Assurance] RE: interesting teched sessions that overlap with our topic area
Chronological Thread
- From: "Capehart,Jeffrey D" <>
- To: "" <>
- Subject: [AD-Assurance] RE: interesting teched sessions that overlap with our topic area
- Date: Thu, 6 Jun 2013 13:40:02 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport03.merit.edu; dkim=neutral (message not signed) header.i=none
|
The recording for the first session is now available online. Time is 80 minutes.
The second program is today, so it may take 24-48 hours for it to be posted. -Jeff C. From: [mailto:]
On Behalf Of Brian Arkills I came across these two yesterday: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ATC-B210 Pass the Hash (PtH) has become one of the most widespread attacks affecting our customers. Many of our customers have made it their top priority to address PtH. In response, Microsoft has assembled a workgroup to investigate effective and
practical mitigations that could be used now as well as future platform modifications. This presentation covers the problem of credential theft and re-use, focusing on Pass-the-Hash attacks as an example, and discusses Microsoft’s recommended mitigations.
The presenters are members of the Cybersecurity Services team. http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ATC-B301 Wherever and whenever you enter your password in the password field, there is at least one mechanism that must know it to use it later for the designed purpose. The common knowledge is that when we set up our password in Windows it is hashed
and stored either in SAM or ntds.dit database in Active Directory. This is useful for verification purposes, but if your operating system can re-use the password it means others can decrypt it! In this intensive session, learn the encryption and decryption
techniques being used nowadays in systems, networks, and applications. We look at the various technology weaknesses and try to take passwords from the places where they are used by the operating system to perform several operations. Become familiar with some
unexpected places for your passwords and learn what you can do to mitigate the risk before somebody else grabs them! Session covers passwords’ internals. Have a cup of coffee before attending! --- That Microsoft workgroup mentioned in the top one sounds like folks we'd really like to talk to, and I'm going to see if I can't hunt down the speakers. I'll also try to attend these sessions in early June. -B |
- [AD-Assurance] RE: interesting teched sessions that overlap with our topic area, Capehart,Jeffrey D, 06/06/2013
- Re: [AD-Assurance] RE: interesting teched sessions that overlap with our topic area, Jeff Whitworth, 06/06/2013
- [AD-Assurance] RE: interesting teched sessions that overlap with our topic area, Brian Arkills, 06/11/2013
Archive powered by MHonArc 2.6.16.