YoVDO

BADPDF - Stealing Windows Credentials via PDF Files

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Network Security Courses Password Cracking Courses

Course Description

Overview

Discover how PDF files can be weaponized to automatically leak Windows user NTLM hashes without user interaction or exploitation. Explore the basic structure of PDF files, focusing on the Dictionary object where the vulnerability lies. Learn about a proof of concept that injects malicious code into benign PDF files, causing NTLM hash leaks upon opening. Understand the impact of this attack by examining captured NTLM hashes on remote SMB servers and the process of cracking them to retrieve original passwords. Gain insights into the Microsoft NTLM authentication protocol, its continued use in supporting older systems, and how it can be exploited beyond Microsoft Office and Windows OS internal functions.

Syllabus

GPN19 - BADPDF – Stealing Windows Credentials via PDF Files


Taught by

media.ccc.de

Related Courses

An Introduction to Computer Networks
Stanford University via Independent Computer Networks
University of Washington via Coursera Computer Networking
Georgia Institute of Technology via Udacity Cybersecurity and Its Ten Domains
University System of Georgia via Coursera Model Building and Validation
AT&T via Udacity