Kerberos is the cornerstone of Windows domain authentication, but NTLM is still used to accomplish everyday tasks. These tasks include checking email, sharing files, browsing websites and are all accomplished through the use of a password hash. Skip and Chris will utilize several tools that have been ÒenhancedÓ to connect to Exchange, MSSQL, SharePoint and file servers using hashes instead of passwords. This demonstrates the "so what" of losing control of the domain hashes on your domain controller: all of your data can be compromised.
Alva "Skip" Duckwall has been using Linux back before there was a 1.0 kernel and has since moved into the information security arena doing anything from computer/network auditing, to vulnerability assessments and penetration testing. Skip currently works for a group doing full-scope penetration testing. Skip currently holds the following certs:GSE, CISSP, CISA, and RHCE. Skip currently works for Northrop Grumman as a Sr. Cyber Something or other.
Works for Northrop Grumman as a full-scope penetration tester for several years. He holds many industry certifications and a Master of Science in IA from Capitol College. Chris served over ten years in the Army with most of that time as a Signal Officer.