• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Extracting Credentials from Windows

This presentation will provide an overview of common methods that can be used to obtain clear text credentials from Microsoft products such as Windows, IIS, and SQL Server. The discussion will focus on intended functionality that can be used for good or malicious purposes. As part the presentation proof of concept scripts written in Powershell and Metasploit will be released to help illustrate the techniques. The content will be semi-technical, and should be interesting to penetration testers, developers, and system administrators trying to gain a better understanding of the value and limitations of the methods commonly used to protect passwords in Windows environments.

Key learning points:
  • Microsoft's password protective controls have value and limitations.
  • Methods for extracting passwords from Microsoft Technologies are well known.
  • Excessive privileges are still one of the greatest related issues.

About Scott Sutherland

Scott Sutherland is a security consultant responsible for the development and execution of penetration test services at NetSPI. His role includes researching and developing tools, techniques and methodologies used during network and application penetration tests. As an active participant in the information security community, Sutherland performs security research in his free time and contributes technical security blog posts, presentations and tools on a regular basis through NetSPI. You can find him blogging on the NetSPI website and on Twitter.

About Antti Rantasaari

Antti is a security consultant currently responsible for the development, and execution of penetration test services at NetSPI. This role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests.

Primary Sidebar

Details

Wednesday May 14, 2014
2:50 PM - 3:50 PM
Room 6
Level: Intermediate
Focus: Cybersecurity

Share this page

Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Buffer this page
Buffer
Email this to someone
email

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.