Spooky authentication at a distance

Conference:  Defcon 31


Authors:   Tamas Jos (SkelSec) Principal Security Consultant, Sec-Consult AG


Spooky authentication at a distance outlines a new and innovative post-exploitation technique to proxy common authentication protocols used in Windows environments remotely and with no elevated privileges required. This allows security professionals to perform complete impersonation of the target user on their own machine without executing any further code on the target machine besides the agent itself. This talk will also demonstrate the applicability of this new technique by performing no-interaction, full domain takeover using a malicious peripheral in a simulated restricted environment.


Post a comment

Related work