Jason Soroko, Entrust’s head of malware research, is causing quite the RSA buzz with his latest video presentation: “Pass the Hash.”
Outlined in a blog post a few weeks ago, Soroko explains about a lesser-known attack vector that exploits single sign-on (SSO) technology added to Windows about 20 years ago. And it’s still exploitable in most corporate networks. The presentation highlights the issue of identity ambiguity and why traditional defenses are important, but insufficient.
The worrying part? Even today, this type of attack is poorly defended by the majority of security solutions found and promoted on the RSA event floor.
Every time you log in to a Windows-based PC, a cryptographic hash of your username and password is stored in a protected portion of memory on your PC. That hash is simply an alphanumeric representation of your username and password. When cybercriminals are able to access that hash, it can be used to authenticate to computers on the network where the user has credentials.
Visit us all week at Entrust Booth 2615 to hear Jason discuss what happens if your network hash is compromised and how to defend your network from malicious attacks. Have a few minutes? Don’t be afraid to ask him about SMS redirection, sessions-riding, deep malware pipelines and more.