Attacking single factor authentication in web apps and Windows: The easiest way in is still through the front door.

BSides SATX 2017

Presented by: Jake Miller
Date: Saturday May 20, 2017
Time: 11:00 - 12:00
Location: Richter 214
Track: Track 1

During penetration testing, a significant amount of attention is (or should be) devoted to attacking the authentication process. In my experience testing networks and web applications, I have noticed that it is common to be able to enumerate a system and obtain a list of users, which can then be used to launch password attacks and, if successful, to gain access to a system. If the system happens to be a Windows network, then enumeration is easier and exploitation can be expanded by attacking flaws that exist within Active Directory/Kerberos and are not likely to be fixed.

Jake Miller

Jake Miller is a penetration tester who mainly focuses on web applications but also enjoys hacking networks. I turn to Python and PowerShell to solve most computer-related problems. Outside of tech and security I like running, pool, and cards.

