Windows 10 security question: How do miscreants use these for post-hack persistence?

Discussion in 'other security issues & news' started by mood, Dec 6, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,439
    Windows 10 security question: How do miscreants use these for post-hack persistence?
    Infosec duo worked out how to remotely set their own answers
    December 6, 2018

    https://www.theregister.co.uk/2018/12/06/windows_10_security_questions_remotely_defined_answers/
    "When everyone's dog is named Fluffy - Abusing the brand-new security questions in Windows 10 to gain domain-wide persistence" (PDF): https://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-Baz-When-Everyones-Dog-Is-Named-Fluffy.pdf
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,059
    Location:
    U.S.A. (South)
    The more they change things, the more folks discover things are not so changed after all.

    LSA Secrets goes back to Windows 98 if not mistaken. Cool find by those mad hatters :D
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.