Data Management

Circumventing Locks and Access Controls

Free registration required

Executive Summary

Modern operating systems typically restrict access to critical or sensitive resources. For example, an internal database may not be intended for users to view or a resource may be currently in use. Such is the case when attempting to access the password databases maintained on systems running Microsoft Windows. When conducting a penetration test, circumvention techniques are usually required to extract a copy of such files because they are locked by the Windows kernel. It is recognized that the ability to acquire password hashes from a local system is not new. However, existing popular techniques present certain complications in an ethical penetration testing scenario.

  • Format: PDF
  • Size: 2447.36 KB