Mitigating PtH attacks

Are you familiar with Pass-the-Hash (PtH) attacks? This is a form of credentials theft, in which the attacker captures account logon information on one computer and then uses those credentials to authenticate to other computers over the network. They do this by stealing the hash values, rather than plaintext passwords. It’s a particularly serious problem because it could allow the attacker to gain access to the domain controllers and servers that contain sensitive data.

You can find out all about how PtH attacks can be performed against Microsoft operating systems and learn about mitigations for these attacks, in a very comprehensive 84 page paper that you can download free from the Microsoft web site, called Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques. Check it out here:

http://www.microsoft.com/en-us/download/details.aspx?id=36036

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top