I published the following diary on isc.sans.org: “Collecting Users Credentials from Locked Devices“.
It’s a fact: when a device can be physically accessed, you may consider it compromised. Even if the device is properly hardened, it’s just a matter of time. The best hacks are the ones that abuse a legitimate feature, or simply the way the computer is supposed to work. To illustrate this, let’s review an interesting blog post published yesterday[1]. It demonstrates how easy it is to steal credentials from a locked computer… [Read more]
RT @xme: [/dev/random] [SANS ISC Diary] Collecting Users Credentials from Locked Devices https://t.co/qPypXAGetY
@xme A fix for non-corporate machines is to force a prompt when NTLM authentication is requested.
@xme -> Internet options – Security – Custom level for all zones:
User authentication – Logon – Prompt for user name and password
@xme in corporate environment, this will likely break stuff. An idea we’ve been playing with is to limit NTLM auth to specific zones +
@xme hardcoding DNS of hosts within those zones to protect against Responder doing DNS poisoning, but it’s a PITA for large networks.
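The Internet Options setting discussed in the replies above is stored per security zone in the registry, so it can be audited and applied without clicking through the dialog. The PowerShell below is an added example, not code from the diary or from the people replying: the zone numbers (0 = My Computer, 1 = Local Intranet, 2 = Trusted Sites, 3 = Internet, 4 = Restricted Sites), the value name `1A00` (“User authentication – Logon”) and its four meanings are the documented ones; the function and parameter names are my own.

```powershell
# Added example: audit and set "User authentication - Logon" per IE security zone.
# The setting lives as DWORD 1A00 under HKCU:\...\Internet Settings\Zones\<n>.
# Function names (Get-ZoneLogonSetting, Set-ZoneLogonPrompt) are assumptions for
# this example; the registry layout and value meanings are the documented ones.
$ZoneRoot  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
$LogonValues = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

function Get-ZoneLogonSetting {
    # Report the current Logon behaviour for each requested zone.
    [CmdletBinding()]
    param([int[]]$Zones = 0..4)
    foreach ($z in $Zones) {
        $key = Join-Path $ZoneRoot $z
        $raw = (Get-ItemProperty -Path $key -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
        [pscustomobject]@{
            Zone    = $z
            Name    = $ZoneNames[$z]
            Value   = if ($null -eq $raw) { $null } else { '0x{0:X5}' -f $raw }
            Meaning = if ($null -eq $raw) { '(not set: zone default applies)' } else { $LogonValues[[int]$raw] }
        }
    }
}

function Set-ZoneLogonPrompt {
    # Force "Prompt for user name and password" (0x10000) in the requested zones,
    # so credentials are never sent automatically to an HTTP server asking for NTLM.
    [CmdletBinding(SupportsShouldProcess)]
    param([int[]]$Zones = 0..4)
    foreach ($z in $Zones) {
        $key = Join-Path $ZoneRoot $z
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        if ($PSCmdlet.ShouldProcess("$($ZoneNames[$z]) (zone $z)", 'Set Logon = Prompt for user name and password')) {
            Set-ItemProperty -Path $key -Name '1A00' -Value 0x10000 -Type DWord
        }
    }
}

# Usage: show the current state, harden, and show the result.
Get-ZoneLogonSetting | Format-Table -AutoSize
Set-ZoneLogonPrompt -WhatIf            # dry run; drop -WhatIf to apply
# Set-ZoneLogonPrompt -Zones 1, 3      # e.g. only Local Intranet and Internet
Get-ZoneLogonSetting | Format-Table -AutoSize
```

Two practical notes. First, the zone that matters most for this attack is Local Intranet: single-label hostnames such as the ones a rogue device or a Responder-style poisoner answers for are classified as intranet by default, and that is where Windows auto-sends the user’s credentials; the Internet zone already defaults to “Automatic logon only in Intranet zone”. That is exactly why the prompt breaks SSO to legitimate intranet web servers in a domain, as the reply above warns. Second, this script edits the current user’s hive; to enforce it machine-wide, write the same `1A00` value under the `HKLM` copy of the `Zones` key and set `Security_HKLM_only` to 1 in the parent `Internet Settings` key (or deploy it through the equivalent Group Policy), otherwise a user can simply change it back in the dialog.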