NTLM Authentication and Insecure Ciphers

RetroTutorial: Installing MS-DOS LAN Manager 2.2c

In identity management, a directory is a repository of accounts. An account represents an entity and carries attributes and an identity that identifies it uniquely. The password, as an authenticator, is the most commonly implemented authentication factor (something you know), so a password breach results in severe business impact.

Protecting passwords at rest, in transit, and in use is crucial. The account database can exist as a system file, a registry, a data structure in memory, a backup file on tape, or in any ephemeral or persistent form in any storage. Understanding how operating systems store, convey, and cache authenticators (the password itself or its derivatives) for authentication is critical to minimizing attack vectors and the attack surface.


Kerberos Pre-authentication

Authenticating using Kerberos (Source: OMAL PERERA)

Kerberos comprises three architectural elements: client, server (aka AP, application server), and Key Distribution Center (KDC). The KDC comprises two servers: Authentication Server (AS) and Ticket-Granting Server (TGS). Kerberos uses a request/response model that defines the messages exchanged between the client, server, and KDC. Major Kerberos messages are listed as follows:

  • Client and AS: KRB_AS_REQ (1) and KRB_AS_REP (2)
  • Client and TGS: KRB_TGS_REQ (3) and KRB_TGS_REP (4)
  • Client and AP: KRB_AP_REQ (5) and KRB_AP_REP (6)

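The Never-Give-Up Road to CISSP!

CISSP Exam Reflections – 廖毓銘 (Joy)
Setbacks are inevitable; what is rare is that you still keep going.
~ 廖毓銘 (Joy), Assistant Head Coach, CISSP, CISM, ISO 27001/27701 LA, CSM

Joy weathered the setback of 3+1 failed CISSP exam attempts, which is admirable!
Among Taiwan's CISSPs, the one I admire most is Assistant Head Coach Joy, for her spirit of never giving up and never backing down! What I see is not her certificate called CISSP, but the spirit that this certificate represents!

Good morning, students!

The road to CISSP is full of challenges! Students who have drifted from (become irregular in) or dropped out of (stopped) the large-group SCRUM, please be sure to "forcefully" restart/rejoin the large-group SCRUM and join the ranks of mutual help and shared success!

Everyone here is a senior professional in the industry, so WUSON has no intention of acting like a cram school that keeps close watch on students' progress. Instead, we hope everyone will show determination and keep working toward their own goals and ideals, whether for self-improvement, certification, a raise, promotion, service, or a greater mission. This process will of course bring all kinds of difficulties and challenges, but as long as you "do not give up", WUSON will do its utmost to help you until you pass the exam! If you run into any obstacle or need any help while preparing for the exam, please be sure to contact and interact with the coaches and fellow students, or send me a private message!

So far, 65 of our students have sat the exam and 54 have passed, a pass rate of 83% among those who sat. In other words, as long as you are willing to register for the exam and study step by step, 8 out of every 10 WUSON students can pass the exam!

Vincent (@Vincent Liang), a student in WUSON's June class, put it well: the greatest significance of setting a goal is that it "lets us truly start our study plan"! The day the goal is set is the day we take action, and the starting point of our CISSP journey! Thank you all for choosing WUSON at this stage; it is an honor to have this opportunity to accompany you on the road to CISSP!

Taiwan needs 1,500 CISSPs! Let's work hard together and succeed together!

Best regards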
Wentz

What Does Your Endeavor Result In, Outputs or Outcomes?

Outputs are the results of initiatives, activities, processes, or functions, while outcomes are outputs that deliver value, where value is benefits minus costs. From the PMI perspective, organizations typically group initiatives into projects, programs, and portfolios, which are core elements of a strategy.

Difference between Outputs and Outcome (Source: Vijay Tiwari)