TA577 Tactics: NTLM Hash Theft Through SMB Thread Hijacking by: Marianne Bermejo

September 27, 2024 (GMT +8)
13:00
Ballroom 1 & 2
     

My presentation revolves around the ongoing challenges faced by organizations worldwide in combating evolving tactics and threats. By exploiting NT LAN Manager (NTLM) hashes through thread hijacking, attackers utilized deceptive emails with zipped HTML attachments to bypass email filters, infiltrating systems undetected. These seemingly harmless attachments served as gateways for malicious activities, redirecting users via the Server Message Block (SMB) protocol to external servers, thus compromising system security. The attackers' objective was clear: to obtain NTLMv2 challenge/response pairs and NTLM hashes, facilitating unauthorized access to sensitive data.

To achieve their goals, malicious actors employed tailored tools and tactics for both Linux and Windows environments, demonstrating a sophisticated understanding of system vulnerabilities. I am going to demonstrate how attackers utilize tools like Impacket to exploit NTLM authentication traffic, extract hashes and execute commands remotely. These incidents underscore the urgent need for organizations to strengthen their defenses against evolving cyber threats.

Speaker

Marianne Bermejo

I'm Marianne Bermejo, a dedicated Associate Malware Research Engineer passionate about cybersecurity, both offensive and defensive strategies. I hold a degree in Electronics and Communications Engineering, which has equipped me with the foundation in technology and both analytical and critical skills. My journey involves diving deep into malicious code, uncovering sophisticated attack techniques, and devising innovative solutions to mitigate risks. My goal is to contribute to a safer digital ecosystem by staying one step ahead of cyber adversaries.
