Comments on Still Passing the Hash 15 Years Later: WTH is PTH

Exorcyst (2013-01-01T01:21:10.114-08:00):

I'm glad you like the post! Thanks for the interest. Unfortunately, there isn't any way to prevent somebody from logging in with a hash if NTLM is being used. This was a design decision by MS 15+ years ago and it's still around today. In a perfect environment you could disable NTLM completely (requires win7+ clients, 2008r2 servers, running at a Windows 2008R2 functional level on the domain). However, most environments cannot support this configuration. I'll talk about this more in a future post... too much detail for a comment.

Anonymous (2012-12-31T14:40:28.898-08:00):

Thanks for the explanations. Pretty helpful. I've enjoyed your pass the hash demo videos very much too.

How would MS fix Windows to remediate PtH attacks? I was thinking if there was some setting where you can disable allow-hash-to-authenticate at a user account or security group level (i.e. so the users must enter only their passwords or use 2FA to authenticate).

Looking forward to blog posts about Windows authentication.

Thanks.