Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)

[correlate]

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
Forum Veteran
May 4, 2019
803
9,648
1,670
New York
Content source
https://shenaniganslabs.io/2021/04/13/Airstrike.html
By default, domain joined Windows workstations allow access to the network selection UI from the lock screen.
An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force the laptop to authenticate against a rogue access point and capture a MSCHAPv2 challenge response hash for the domain computer account.
This challenge response hash can then be submitted to crack.sh to recover the NTLM hash of the computer account in less than 24 hours.
Click to expand...
shenaniganslabs.io

Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)

By default, domain joined Windows workstations allow access to the network selection UI from the lock screen. An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force the laptop to authenticate against a...
shenaniganslabs.io
 
  • Like
Reactions: vtqhtr413, Gandalf_The_Grey and simmerskool
You must log in or register to reply here.

You may also like...