
Title: Exploring Windows Domain-Level Defenses Against Authentication Attacks

We investigated the security resilience of current Windows Active Directory (AD) environments to Pass-the-Hash and Pass-the-Ticket credential theft attacks. While doing this, we discovered a way to trigger the removal of all previously issued authentication credentials for a client, thus preventing their use by attackers. Once this is triggered, the user is forced to contact the domain administrators and to authenticate to the AD to continue. This could become the basis for a response that arrests the spread of a detected attack. Operating in a virtualized XenServer environment, we were able to carefully determine and recreate the conditions necessary to cause this response.
 [1] ;  [2]
  1. Cyber Sciences, ORNL
  2. Pacific Northwest National Laboratory (PNNL)
Publication Date:
OSTI Identifier:
DOE Contract Number:
Resource Type:
Resource Relation:
Conference: Cyber and Information Security Research Workshop 2016, Oak Ridge, TN, USA, 20160405, 20160407
Research Org:
Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
Sponsoring Org:
ORNL work for others
Country of Publication:
United States