fgdump 3.0 - A First Look

Presented at ToorCon San Diego 13 (2011), Oct. 9, 2011, 2 p.m. (20 minutes)

fgdump has been in a stable state for quite some time, but one of the irritations has always been the change in the cached password storage mechanism that prevented us from grabbing cached passwords on Vista-and-later systems. Well, that problem has been solved. Furthermore, in a large domain environment, the vast majority of systems are workstations, and the heavy-handed approach of pwdump and fgdump were really slow. To that end, we've changed how fgdump works, such that it no longer has to upload a thing on the vast majority of systems - it all works over the wire. There are a few exceptions which the presentation will talk about. We've also added a few antivirus detection routines and other bells and whistles to simplify the process. This presentation will talk about the new changes, as well as the impact for both security folks and those who run the domains we're dumping. :) We will also be officially releasing the tool, in beta form, at the conference for everyone to enjoy.

Presenters:

  • Dave Russell / fizzgig as Dave "fizzgig" Russell
    Dave has worked on fgdump since about 2005, which had its roots as a shortcut to dumping large sets of passwords within a domain. He hates batch files. These days, he is involved in the payment card industry and forensics, though he still gets a chance to break out the compiler now and again. Dave has spoken at numerous security conferences, including Toorcon last year.

Similar Presentations: