Abstract
Compromising Windows account credentials, especially in a domain environment, is a critical phase in an attack against an organization. This paper first surveys the most common tools and techniques used to uncover usernames and their plaintext credentials in standard red team procedures. These methods are then compared against the newly proposed method, which uses low-level hooking in the Local Security Authority Subsystem Service (LSASS) to stealthily capture plaintext credentials at login. The latter has many advantages over pre-existing tools designed to capture credentials on Windows-based computers. Finally, mitigation procedures designed to thwart credential theft or limit further domain compromise are examined.
Library of Congress Subject Headings
Microsoft Windows (Computer file)--Security measures; Computers--Access control; Computer networks--Security measures; Computer crimes--Prevention; Rootkits (Computer software)
Publication Date
2012
Document Type
Thesis
Advisor
Pan, Yin
Advisor/Committee Member
Yuan, Bo
Advisor/Committee Member
Mishra, Sumita
Recommended Citation
Desimone, Joseph, "Windows credential theft: Methods and mitigations" (2012). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/625
Campus
RIT – Main Campus
Plan Codes
COMPSEC-MS
Comments
Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013.