BADPDF: Stealing Windows Credentials via PDF Files

Presented at BSidesSF 2019, March 4, 2019, 11:45 a.m. (30 minutes)

Microsoft NTLM is an authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems. Despite Microsoft's implementation of Kerberos, NTLM is still in use in order to support older systems. Many past exploits targeted Microsoft Office and Windows OS internal functions in order to leak Windows users' NTLM hashes, which can then be cracked to disclose the original passwords. Are those the only products vulnerable to NTLM credential theft? Find out how PDF files can be weaponized to automatically achieve NTLM hash leaks with no user interaction.


Presenters:

  • Ido Solomon - Check Point Software Technologies
    Ido Solomon is a Security Researcher at Check Point Software Technologies’ IPS Research and Urgent Protections team. Ido holds a B.Sc. in Information Systems Engineering from Ben-Gurion University.
  • Adi Ikan - Check Point Software Technologies
    Adi Ikan is a Cyber Security Research Team Leader at Check Point Software Technologies. Adi has served as an Officer in the IDF Intelligence Corps 8200 Unit in various research and development roles. Adi holds an M.Sc. in Financial Mathematics and a B.Sc. in Applied Mathematics from Bar-Ilan University.
