John Heasman today posted a sneak preview of our Black Hat presentation, which will happen in August in Las Vegas. This particular attack is extremely interesting: multi-stage nastiness involving the use of Java to steal domain credentials. John describes this as:
"I'm going to revisit an old attack - pre-computed dictionary attacks on NTLM - and discuss how we can steal domain credentials from the Internet with a bit of help from Java. I'm going to split it into two posts. In this post we'll apply the attack to Windows XP (a fully patched SP3 with IE7). In my next post we'll consider its impact on Windows Vista."
Yeah, that's pretty serious. This brings me back to a discussion I had with a client about the risks of leaving things like Terminal Services open over the Internet. His argument was that it was protected by a strong password policy on the domain. This attack sort of renders that policy useless. I leave it to John's blog to discuss all of the gory details, but this gives you a sampling of some of what we will talk about at Black Hat Vegas. The presentation is a multi-part orgy of client-side attacks and will have parts by Heasman, Billy Rios, Rob Carter, and myself. Hope to see you there!