RE: Threat vector of running a service using a domain account



Saqib,

I believe you're right. Each time I've run cachedump for demonstration,
I do not receive hashes for services logging in over the network; I only
receive hashes for interactive users.

Kind Regards,
Scott Ramsdell

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Ali, Saqib
Sent: Thursday, September 13, 2007 12:42 PM
To: Jay
Cc: smanaois3@xxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Threat vector of running a service using a domain account

If a server does cache these credentials then these can be attacked
independent of the AD and its underlying security controls.


If a service uses domain credentials, do those credentials get cached?
I thought only interactive logon credentials are cached.

saqib
http://security-basics.blogspot.com/


