Common Hash Attacks

• Pass the Hash (PtH)
• Birthday Attack

Prevention

• Ensure trusted OS
• Proper Windows domain trusts
• Patching
• Multi-factor authentication
• Least privilege

Increasing Hash Security

• Key Stretching
• Salting
• Nonces (Number Used Once)
• Limiting Failed Login attempts