Page 1 of 1
- FreeBooterSite Admin
OS : Windows 10
Arch. : x64 (64-bit)
Anti-Malware : ESET Smart Security
Posts : 2147
Rubies : 837150
Likes : 219
What are Pass the Hash (PtH) Attacks
Pass the Hash (PtH) is a hacking technique by which an attacker can authenticate to a remote server or service by using the Windows NT LAN Manager (NTLM) authentication protocol or LanMan hash of a user password.
A typical PtH attack starts with one end point being compromised by malware, which then manages to gain administrator-level access. With this access, the malware can steal the user’s derived credentials and impersonate the user on other devices. As the attacker moves laterally across he network and finds additional devices to which the user has access, the malware can steal the derived credentials from other users who previously signed in to those devices.
Over time, an attacker can typically gain access to more and more derived credentials that have increased levels of network access. Eventually, it is likely that domain administrator accounts can be compromised, and then the consequences can be even worse.
Here are the Microsoft features that address password and PtH attacks in Windows 10:
- Microsoft Passport
- Windows Hello
- Isolated User Mode
The PtH attack is one of the most popular types of credential theft and reuse attack seen by Microsoft to date.
Our recommendations for addressing PtH attacks in Windows 10:
- Restrict and protect high privileged domain accounts.
- Restrict and protect local accounts with administrative privileges.
- Remove standard users from the local administrators group.
- Limit the number and use of privileged domain accounts.
- Configure outbound proxies to deny Internet access to privileged accounts.
- Ensure administrative accounts do not have email accounts.
- Update applications and operating systems.
- Remove LM hashes.
- Disable the NTLM protocol.
Did you find this tutorial helpful? Don’t forget to share your views with us.
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 1 of 1
Permissions in this forum:You can reply to topics in this forum