Wednesday, July 30, 2008

Attacking NTLM

Defcon presentation times have been confirmed for a few weeks now and I've been slaving away at my slides and source code for a while now. I gave a pre-talk at work the other day and have decided to redo a lot of the slides. That's what you get when you ask for slides 38 days before the presentation. :)

Of course I'll have the full slides on-line after the conference but if you're coming to Defcon please come to my talk: Friday, August 8th at 2pm.

What exactly will I be talking about? Well, it's really difficult to describe succinctly but the best way I can say it is: An XSS inside your company == Total Domain Ownage.



Was that a scoff I just heard under your breath? Honestly, I'm not lying here. Because of the way NTLM and Windows Single Sign-On works your run-of-the-mill cross site scripting error on an internal resource can DEVASTATE your enterprise!

Stay tuned.

2 comments:

CG said...

i'll be there...looking forward to it!

Graeme said...

..and it's almost completely un-detectable since you're not doing anything malicious.