Pass-the-Hash (PtH) refers to a technique that allows an attacker to capture account logon credentials on one compromised computer, and then use those captured credentials to authenticate to other computers across the network.
Many of our customers, including administrators who want to protect their networks are particularly interested in this technique. So, we wanted to open the conversation to our @msftsecurity Twitter followers, and hear what questions you had about PtH.
Today, we’ve post four short video segments answering some of the questions that we received on www.microsoft.com/pth.
- Video 1: PtH Overview: answers questions that we frequently hear when talking with customers. These span from questions about single sign-on (SSO) to specific features that help protect against PtH attacks.
- Video 2: Smart Card Authentication: dispels common myths related to smart cards.
- Video 3: Lightning Round: a rapid fire video segment which addresses multiple topics that were submitted including PtH event monitoring, securing Remote Desktop, and restricting an account to Kerberos only.
- Video 4: KRBTGT: provides a deeper look into KRBTGT mechanics and explains how to better protect against a post compromise scenario.
We saw this as an opportunity to accomplish two complementary objectives. First, to directly hear from customers which helps share additional insights that can then be used to inform future product roadmap decisions. Second, this also gave us the opportunity to dive deeper into questions that sometimes have complex answers.
We would like to thank everyone who submitted questions to the #AskPtH hashtag. These questions allowed us the opportunity to share our point of view and/or better understand our customers’ perspectives. Watch these videos and let us know what you think. Don’t forget to download the latest version of Mitigating Pass-the-Hash and other Credential Theft whitepaper for full details at www.microsoft.com/pth.