Mitigating Pass-the-Hash Attacks

One of the most popular types of credential theft and reuse attack seen by Microsoft to date is known as the Pass-the-Hash (PtH) attack. As the tools and techniques for credential theft and reuse attacks like the Pass-the-Hash (PtH) attack improve, malicious users are finding it easier to achieve their goals through these attacks. A PtH attack is very similar in concept to a password theft attack, but it relies on stealing and reusing password hash values rather than the actual plaintext password.

A PtH attack allows an attacker to obtain elevated permissions to privileged areas of volatile memory and file systems which are normally only accessible by system-level processes on at least one computer and then, the attacker attempts to steal user names/passwords or password hashes from the compromised computer to reuse the stolen credentials to access other computer systems and services on the network. This could allow an attacker to access domain controllers and other resources that contain sensitive data.

Download and read Microsoft’s white paper that discusses PtH attacks and other credential theft techniques. Other credential theft attacks include key logging and other plaintext password capture, passing tickets, and man-in-the-middle attacks.

Download the white paper from here – http://www.microsoft.com/en-us/download/details.aspx?id=36036

Share