Silver Tickets Through the Printer Bug: How NTLMv1 Brings Down the Kingdom

Dustin Heywood (evil_mog)

Dustin Heywood (evil_mog)

Speaker Bio

EvilMog is a member of team hashcat, a password cracker for X-Force Red and a bishop of the church of wifi. He specializes in shenanigans and passwords.


Have you ever wanted to know how the MS-RPRN Print Spooler service can lead to local admin? This talk will go through the NTLMv1 hash format, reverse it to an NTLM hash, and show how to use that information to generate Silver Tickets. It will also cover defenses for this devastating attack.