I received a new RegRipper plugin from Chakib today, rdpnla.pl. In short, the plugin checks the SecurityLayer value of the HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp key in order to determine if network level authentication is enabled or not.
So what, you ask? Well, for one, enabling network level authentication is a way to help prevent the Sticky Keys attack from succeeding. If you've found that a system was subjected to the attack and want to see whether it would have succeeded, be sure to run this plugin.
This HowToGeek page has a graphical discussion of what some of the other settings look like for this key.
Thanks, Chakib!
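For readers without RegRipper at hand, here is an added Python example (not Chakib's plugin code) that performs the same kind of lookup against the text of a .reg export. It assumes a SYSTEM hive mounted under the hypothetical name OFFLINE_SYS and uses a constructed sample export; because an offline hive has no CurrentControlSet key, it resolves the control set from Select\Current first.

```python
import re

# Constructed sample: text of a .reg export of an offline SYSTEM hive
# mounted under the hypothetical name OFFLINE_SYS (not data from the post).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OFFLINE_SYS\Select]
"Current"=dword:00000001
"Default"=dword:00000001

[HKEY_LOCAL_MACHINE\OFFLINE_SYS\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000d3d
"SecurityLayer"=dword:00000002
'''

# Names Microsoft documents for the SecurityLayer values.
SECURITY_LAYER = {0: "RDP Security Layer", 1: "Negotiate", 2: "SSL (TLS)"}

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: int}} for dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def rdp_security_layer(text, root):
    """Resolve the current control set, then read RDP-Tcp\\SecurityLayer."""
    keys = parse_reg(text)
    root = root.lower()
    current = keys.get(root + r"\select", {}).get("current")
    if current is None:
        raise ValueError("Select\\Current not found; cannot resolve control set")
    path = rf"{root}\controlset{current:03d}\control\terminal server\winstations\rdp-tcp"
    value = keys.get(path, {}).get("securitylayer")
    if value is None:
        return current, None, "SecurityLayer value not present"
    return current, value, SECURITY_LAYER.get(value, "unknown value")

if __name__ == "__main__":
    print(rdp_security_layer(SAMPLE_REG, r"HKEY_LOCAL_MACHINE\OFFLINE_SYS"))
```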