This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, July 28 • 11:15am - 12:30pm
Understanding the Windows SMB NTLM Weak Nonce vulnerability

Sign up or log in to save this to your schedule and see who's attending!

In February 2010, we found a vulnerability in the SMB NTLM Windows Authentication mechanism that have been present in Windows systems for at least 14 years (from Windows NT 4 to Windows Server 2008). You probably haven't heard about this vulnerability, but basically the authentication mechanism used by all Windows systems to access remote resources using SMB was flawed, allowing attackers to get read/write access to remote resources and remote code execution without credentials, using different techniques such as passive replay attacks, active collection of duplicate challenges/responses, and prediction of challenges. This vulnerability is also a good example of flaws found in challenge-response authentication mechanisms.


This presentation will describe the vulnerability in detail, including its scope and severity, explain different techniques to exploit the flaws found and demo fully functional exploit code.

Wednesday July 28, 2010 11:15am - 12:30pm
Day 1 - OS Wars

Attendees (30)