[Author's Note: This is the 3nd in a multi-part series on the topic of "Protecting Privileged Domain Accounts". My primary goal is to help incident responders protect their privileged accounts when interacting with comprised hosts, though I also believe this information will be useful to anyone administering and defending a Windows environment.]Last week I discussed the fact that the only way to prevent LM hashes from loading in memory for interactive logons is to use a password of 15 or more characters. Furthermore, the fact that LM hash Rainbow Tables can crack the corresponding passwords in just a few seconds means that attackers who obtain these LM hashes will know the clear-text passwords almost instantly.Today we'll do one better. We'll look at a method for directly obtaining a user's ...![]()
![]()