Скачать или смотреть Russ Swift "Dumping AD Hashes Without Process Injection"

Dumping AD Hashes Without Process Injection
Russ Swift
@0xsalt

I will be presenting on methods of dumping active directory password hashes from a domain controller by using the Volume Shadow Copy Service or direct disk access to make a copy of the NTDS.dit, SYSTEM and SAM files from a running DC. I will give a history of old methods and detail new methods and ideas for detecting them.

evolution of getting password hashes
current and new methods
tools and credentials prep
getting your tools onto the dc
volume shadow copy service
powersploit ninjacopy direct disk access
export and extract
crack them
pass them
detect vssown / ninjacopy activity?

Russ is a security practitioner in the greater Los Angeles area with ten years of experience providing security
engineering, pentesting and consulting services to Fortune 100 finance and entertainment companies. Russ has
developed information security courseware for pentesting and training companies and is currently a SANS research and curriculum advisor. Russ has pentesting experience in the areas of network infrastructure, Active Directory, wireless and antivirus evasion.