Agustin Azubel (Amplia Security)

Understanding the Windows SMB NTLM Weak Nonce Vulnerability

In February 2010, we found different vulnerabilities in the Windows SMB NTLM Authentication mechanism that have been present in Windows systems for at least 17 years (from Windows NT 3.1 to Windows Server 2008). You probably haven't heard about these vulnerabilities, but basically the authentication mechanism used by all Windows systems to access remote resources using SMB has been flawed, allowing attackers to get read/write access to remote resources and remote code execution without credentials, using different techniques such as passive replay attacks, active collection of duplicate challenges/responses, and prediction of challenges. These vulnerabilities are also a good example of flaws that can be found in challenge-response authentication mechanisms.

About Agustin Azubel

Agustin Azubel has been working in the computer security industry since
the late nineties. He works as an independent consultant doing reverse
engineering, performing traditional software development, writing
full-featured exploits and delivering in-depth vulnerability analysis. He
also worked for almost a decade at Core Security Technologies, where he
was involved in most of the key projects of that company. He is also a
member of the Amplia Security team.
