Glossary: IWA, TLS, SPN, MITM

Credential forwarding

Domain credentials that are obtained by an attacker can be used to log on to other services that the victim is known to have access to. The attacker could then acquire permissions identical to those of the victim on the target service.

Credential reflection

Domain credentials that are obtained by an attacker can be used to log back on to the victim’s machine. The attacker would then acquire permissions on that machine identical to those of the victim.

Integrated Windows Authentication (IWA)

With Integrated Windows Authentication (formerly called NTLM, and also known as Windows NT Challenge/Response Authentication), the user name and password (credentials) are hashed before being sent across the network. When you enable Integrated Windows Authentication, the client proves its knowledge of the password through a hashed cryptographic exchange with your Web server. Integrated Windows Authentication includes the Negotiate, Kerberos, and NTLM authentication methods.

Man-in-the-middle attack

A man-in-the-middle attack occurs when an attacker reroutes communication between two users through the attacker’s computer without the knowledge of the two communicating users. The attacker can monitor and read the traffic before sending it on to the intended recipient. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking that they are communicating only with the intended party.

Transport Layer Security (TLS)

The Transport Layer Security (TLS) Handshake Protocol is responsible for the authentication and key exchange necessary to establish or resume secure sessions. When establishing a secure session, the Handshake Protocol manages the following:
Cipher suite negotiation
Authentication of the server and optionally, the client
Session key information exchange


Service Principal Name (SPN)

A Service Principal Name (SPN) is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a network, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host.
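The credential-forwarding scenario above and the SPN definition meet in one defensive check: a service instance can compare the SPN a client actually authenticated to against the SPNs it registered for its own host names and aliases, and reject an authentication that names some other service. The following Python is an added example, not code from the advisory; the SPN values and the `parse_spn`/`spn_matches_service` helpers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class SPN:
    service_class: str    # e.g. HTTP, MSSQLSvc, HOST (compared case-insensitively)
    host: str             # host name or alias of the computer running the instance
    port: Optional[str]   # optional port number or named instance
    name: Optional[str]   # optional service name, e.g. a database or replica name

def parse_spn(text: str) -> SPN:
    """Parse 'class/host[:port][/name]'; raise ValueError on malformed input."""
    parts = text.split("/")
    if len(parts) not in (2, 3) or not parts[0] or not parts[1]:
        raise ValueError(f"malformed SPN: {text!r}")
    host, _, port = parts[1].partition(":")
    if not host or (":" in parts[1] and not port):
        raise ValueError(f"malformed host/port in SPN: {text!r}")
    name = parts[2] if len(parts) == 3 else None
    return SPN(parts[0].lower(), host.lower(), port.lower() or None, name)

def spn_matches_service(target_spn: str, registered_spns: Iterable[str]) -> bool:
    """True only if the SPN the client authenticated *to* is one this instance registered."""
    try:
        target = parse_spn(target_spn)
    except ValueError:
        return False  # an unparseable target name is never ours
    return any(target == parse_spn(spn) for spn in registered_spns)

# Constructed sample: one web server instance, with one SPN per name/alias of its host.
WEB_SERVER_SPNS = (
    "HTTP/intranet.example.com",
    "HTTP/intranet",
    "HTTP/intranet.example.com:8080",
)

if __name__ == "__main__":
    # The victim really meant this server: accepted (class and host compare case-insensitively).
    print(spn_matches_service("http/INTRANET.example.com", WEB_SERVER_SPNS))   # True
    # Credentials forwarded from an authentication the victim aimed at the file server: rejected.
    print(spn_matches_service("HTTP/fileserver.example.com", WEB_SERVER_SPNS))  # False
```

A relayed authentication carries the SPN of the service the victim intended, so the mismatch is visible to the receiving service even though the credentials themselves are valid.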


[Reference]

Microsoft Security Advisory (974926): Credential Relaying Attacks on Integrated Windows Authentication
http://technet.microsoft.com/en-us/security/advisory/974926
