Learn, hack!

The shift from Windows Server 2003 / XP to Server 2008 / Windows 7 has come with some more or less subtle changes in the default behavior on key components, cornerstones of the security of this kind of infrastructures. Amongst these changes some affect the authentication mechanism in place when systems and users are part of an Active Directory domain. Such evolutions like the withdrawal of weak cryptographic algorithms, DES is no longer supported for cryptosystems, are for the sake of security. This talk will explore these new default behaviors when they deal with domain authentication protocols and their consequences on the ability for an attacker to steal both system and user credentials. In a first part, we will cursorily review the main changes in the defaults configuration of recent MS Windows systems as well as some advised hardening that might be in place on some security inclined environment. These settings tend to make usual credentials stealing and replay techniques inefficient. In a second part, we will present innovative techniques to tackle this new adversary environment and finally we will discuss stealthiness of these techniques for domain credential stealing.