Superimposing Nothing Nowhere

The internet is littered with wastes of space. This one is no different except that it is my waste of space.

Wednesday, July 30, 2008

Attacking NTLM

Defcon presentation times have been confirmed for a few weeks now and I've been slaving away at my slides and source code for a while now. I gave a pre-talk at work the other day and have decided to redo a lot of the slides. That's what you get when you ask for slides 38 days before the presentation. :)

Of course I'll have the full slides on-line after the conference but if you're coming to Defcon please come to my talk: Friday, August 8th at 2pm.

What exactly will I be talking about? Well, it's really difficult to describe succinctly but the best way I can say it is: An XSS inside your company == Total Domain Ownage.



Was that a scoff I just heard under your breath? Honestly, I'm not lying here. Because of the way NTLM and Windows Single Sign-On works your run-of-the-mill cross site scripting error on an internal resource can DEVASTATE your enterprise!

Stay tuned.

at 8:02 PM

Labels: , ,

2 comments:

CG said...

i'll be there...looking forward to it!

4:07 AM
Graeme said...

..and it's almost completely un-detectable since you're not doing anything malicious.

10:02 AM

Post a Comment

Subscribe to: Post Comments (Atom)