Part of the AvengerCon VII presentations cleared for public release:
Presented by MAJ George Sieretzki.
Did you know that as you sit working behind your MS Windows workstation, you may be unwittingly aiding an aggressor by sending them your credentials?! In this presentation will introduce "forced authentication attacks", or "NTLM relay" attacks in the MS Domain environment. We will look at a number different types of triggers for these attacks including BIRDBOX, ADIDNS, WPAD, DHCP, HTTP, EFSRPC, and maybe more. We will examine some common tools, example payloads, limitations, mitigations, and one or two live (fingers crossed) demos.
Boiler:
AvengerCon is a free security event hosted every fall by Maryland Innovation and Security Institute to benefit the hackers of the U.S. Cyber Command community and the U.S. Army 780th Military Intelligence Brigade. The event is open to all service members and employees of U.S. Cyber Command and Department of Defense personnel supporting cyberspace missions. AvengerCon features presentations, hacker villages, training workshops, and much more.
The event is open to all service members and employees of U.S. Cyber Command and Department of Defense, and related partners supporting cyberspace missions.
The views expressed are those of the presenter, and do not reflect the official position of the 780th Military Intelligence Brigade, U.S. Cyber Command, the Department of the Army, or Department of Defense.
Date Taken: | 12.01.2022 |
Date Posted: | 01.04.2023 10:53 |
Category: | Series |
Video ID: | 870236 |
VIRIN: | 221201-O-PX639-244 |
Filename: | DOD_109398172 |
Length: | 00:29:30 |
Location: | US |
Downloads: | 0 |
High-Res. Downloads: | 0 |
This work, AvengerCon VII: BIRDBOX: If you see it, it's already too late, by Steven Stover, identified by DVIDS, must comply with the restrictions shown on https://www.dvidshub.net/about/copyright.
LEAVE A COMMENT