Getting User Credential is Not Only Admins' Privilege
Author: Anton Sapozhnikov
If an attacker has only user-level access to an infected machine inside a corporate internal network, he or she has quite a limited number of ways to get that user's password. Known techniques require additional network access or a great amount of luck. Having no access to the internal network and no admin privileges is a common case during spear-phishing attacks and social engineering activities. This talk will cover a brand new technique to grab credentials from a pwned machine even without admin privileges. The technique is possible due to a design flaw in the Windows SSPI implementation. A proof-of-concept tool will also be presented.
Anton is a Senior Consultant for KPMG Russia. He has more than 7 years of experience in penetration testing and has worked with many companies from the Fortune Global 500 list. In his spare time Anton participates in CTFs with More Smoked Leet Chicken, a team that has been an awardee and winner of Codegate, HITB, DEFCON, etc.