On Mon, Apr 8, 2013 at 5:01 PM, Kurt Buff <[email protected]> wrote:
> On Mon, Apr 8, 2013 at 4:17 PM, Ben Scott <[email protected]> wrote:
>> On Mon, Apr 8, 2013 at 7:06 PM, Kurt Buff <[email protected]> wrote:
>>> Amusing? Alarming? Both?
>>> http://labofapenetrationtester.blogspot.in/2013/04/poshing-the-hashes.html
>>
>> Neither?
>>
>> It seems to boil down to, if you steal credentials, you gain access
>> to what those credentials protect. This should not be a surprise.
>> :-)
>
> Not exactly neither - the use of WCE is the key, methinks.
>
> WCE allows theft of credentials from others' accounts that are stored
> in RAM, with the possible upgrade of credentials that this would
> imply, if higher-security accounts such as DAs
>
> Agree with MBS that other tools could stand in for PowerShell, but WCE
> was actually new to me.
>
> Granted, you must be local admin to use WCE, but if you're local admin
> on a server or workstation, and a DA account logs in and leaves
> credentials in memory, well, your task is accomplished.
>
> Kurt

That should read ", if higher-security accounts such as DAs log in
where they shouldn't." Don't know how that disappeared...

Kurt
