Why You Need to Detect More than PtH

by Matthew Hathaway, Jeff Myers
Sept. 23, 2017 0 comments Black Hat belen_caty Pen Testing & Audits pth

Compromised credentials are a key predatory weapon in the attackers arsenal, and this isn't changing in the foreseeable future. This talk will systematically explore why they can be prevented but never cut off completely, and how to leverage this knowledge in detection. In closing, we will pick apart IoCs focused on Pass-the-Hash (PtH), while detailing more efficient detection techniques focused on misused, donated, or otherwise compromised credentials.

https://www.blackhat.com/us-14/archives.html#why-you-need-to-detect-more-than-pth