This Week in Security: Filename Not Sanitized, MonikerLink, and Snap Attack!

Reading through a vulnerability report about ClamAV, I came across a phrase that filled me with dread: “The file name is not sanitized”. It’s a feature, VirusEvent, that can be …read more Continue reading This Week in Security: Filename Not Sanitized, MonikerLink, and Snap Attack!

Microsoft Improves Windows Security with a Path to Move Off NTLM

It’s time to stop relying on the insecure authentication protocol built into Windows. Microsoft is making it easier to switch to secure modern options. Continue reading Microsoft Improves Windows Security with a Path to Move Off NTLM

Using rainbow tables to obtain the first 7 characters of a windows password(LM/NTLMv1)

I am trying to understand how an attacker is able to use the halflm challenge rainbow table to obtain the first 7 characters of a windows password that was used to authenticate a user using LM/NTLMv1. To help you understand my confusion, c… Continue reading Using rainbow tables to obtain the first 7 characters of a windows password(LM/NTLMv1)