• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Extracting Credentials from Windows

This presentation will provide an overview of common methods that can be used to obtain clear text credentials from Microsoft products such as Windows, IIS, and SQL Server. The discussion will focus on intended functionality that can be used for good or malicious purposes. As part the presentation proof of concept scripts written in Powershell and Metasploit will be released to help illustrate the techniques. The content will be semi-technical, and should be interesting to penetration testers, developers, and system administrators trying to gain a better understanding of the value and limitations of the methods commonly used to protect passwords in Windows environments.

Key learning points:
  • Microsoft's password protective controls have value and limitations.
  • Methods for extracting passwords from Microsoft Technologies are well known.
  • Excessive privileges are still one of the greatest related issues.

About Scott Sutherland

Scott Sutherland is a security consultant responsible for the development and execution of penetration test services at NetSPI. His role includes researching and developing tools, techniques and methodologies used during network and application penetration tests. As an active participant in the information security community, Sutherland performs security research in his free time and contributes technical security blog posts, presentations and tools on a regular basis through NetSPI. You can find him blogging on the NetSPI website and on Twitter.

About Antti Rantasaari

Antti is a security consultant currently responsible for the development, and execution of penetration test services at NetSPI. This role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests.

Primary Sidebar

Details

Wednesday May 14, 2014
2:50 PM - 3:50 PM
Room 6
Level: Intermediate
Focus: Cybersecurity

Share this page

Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Buffer this page
Buffer
Email this to someone
email

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.