BSidesSF 2019 has ended
Back To Schedule
Monday, March 4 • 11:45am - 12:15pm
BADPDF: Stealing Windows Credentials via PDF Files

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Microsoft NTLM is an authentication protocol used on networks that includes systems running the Windows operating system and stand-alone systems. Despite Microsoft's implementation of Kerberos, NTLM is still in use in order to support older systems. Many exploits in the past targeted Microsoft Office and Windows OS internal functions in order to cause the leaking of Windows users' NTLM hashes, which can then be cracked and disclose the original passwords. Are those the only products vulnerable to NTLM credential theft? Find out how PDF files can be weaponized to automatically achieve NTLM hash leaks with no user interaction.

avatar for Adi Ikan

Adi Ikan

Cyber Security Research Team Leader, Check Point Software Technologies
Adi Ikan is a Cyber Security Research Team Leader at Check Point Software Technologies. Adi has served as an Officer in the IDF Intelligence Corps 8200 Unit in various research and development roles.Adi Holds a M.Sc. in Financial Mathematics and a B.Sc. in Applied Mathematics at Bar-Ilan... Read More →
avatar for Ido Solomon

Ido Solomon

Security Researcher, Check Point Software Technologies
Ido Solomon is a Security Researcher at Check Point Software Technologies’ IPS Research and Urgent Protections team. Ido holds a B.Sc. in Information Systems Engineering at Ben-Gurion University.

Monday March 4, 2019 11:45am - 12:15pm PST
City View