Overview
Explore the vulnerabilities of the Microsoft NTLM authentication protocol in this 23-minute conference talk from Security BSides San Francisco. Delve into how PDF files can be weaponized to automatically leak Windows users' NTLM hashes without user interaction. Learn why NTLM persists in order to support older systems despite the implementation of Kerberos. Discover how this exploit differs from traditional attacks targeting Microsoft Office and Windows OS internal functions. Gain insights into the potential security risks associated with PDF files and their ability to compromise Windows credentials.
Syllabus
BSidesSF 2019 - BADPDF: Stealing Windows Credentials via PDF Files (Ido Solomon • Adi Ikan)
Taught by
Security BSides San Francisco