Presented at
DEF CON 32 (2024),
Aug. 10, 2024, 1:30 p.m.
(45 minutes).
Microsoft is planning to kill off NTLM (New Technology Lan Manager) authentication in Windows 11 and above. Let's speedrun coercing hashes out of a few more things before it fades into obscurity over the next twenty five years or so.
There will be a deep dive on several new bugs we disclosed to Microsoft (including bypassing a fix to an existing CVE), some interesting and useful techniques, combining techniques from multiple bug classes resulting in some unexpected discoveries and some absolutely cooked bugs. We’ll also uncover some defaults that simply shouldn't exist in sensible libraries or applications as well as some glaring gaps in some of the Microsoft NTLM related security controls.
1. [link](https://blog.yappare.com/2019/01/bug-000114489-ssrf-in-portal-for-arcgis.html)
2. [link](https://blog.ss23.geek.nz/2023/09/21/iracing-electron-rce-exploit.html)
3. [link](https://www.blazeinfosec.com/post/web-app-vulnerabilities-ntlm-hashes/)
4. [link](http://varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes)
5. Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords. [link](https://varonis.com)
Presenters:
-
Tomais Williamson
I'm an enthusiastic hacker who enjoys CTFs and have competed at an international level in the ICC CTF as well as being part of the CursedCTF 2024 winning team. I'm also an active security researcher with a bunch of CVEs and countless other bugs for a bunch of 'solved problems' in security.
-
Jim Rush
I'm a former software developer who has somehow ended up hacking things for a living, which is infinitely more fun as most of you know. I'm an active security researcher with several CVEs, including Blackboard, Moodle, Nuget, MS-Office and Kramer products.
Similar Presentations: