Compromising Windows account credentials, especially in a domain environment, is a critical phase of an attack against an organization. This paper first surveys the most common tools and techniques used in standard red team procedures to uncover usernames and their plaintext credentials. These methods are then compared against a newly proposed method that uses low-level hooking inside the Local Security Authority Subsystem Service (LSASS) to stealthily capture plaintext credentials at the moment of login. The latter has many advantages over pre-existing tools designed to capture credentials on Windows-based computers. Finally, mitigation procedures designed to thwart credential theft, or to limit further domain compromise once credentials are stolen, are examined.
Library of Congress Subject Headings
Microsoft Windows (Computer file)--Security measures; Computers--Access control; Computer networks--Security measures; Computer crimes--Prevention; Rootkits (Computer software)
Desimone, Joseph, "Windows credential theft: Methods and mitigations" (2012). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus