NTLM Authentication and Insecure Ciphers

RetroTutorial: Installing MS-DOS LAN Manager 2.2c

When it comes to identity management, a directory is a repository of accounts. An account represents an entity with attributes and an identity to identify it uniquely. Password, as an authenticator, is the most commonly implemented authentication factor, something you know, so password breach results in a severe business impact.

Protecting passwords at rest, in transit, and in use is crucial. The account database can exist as a system file, registry, data structure in the memory, backup file in tapes, or in any ephemeral or persistent form in any storage. Understanding how operating systems store, convey, and cache authenticators (the password itself or its derivatives) for authentication is critical to minimizing the attack vectors and surface.

Continue reading

Kerberos Pre-authentication

Authenticating using Kerberos
Authenticating using Kerberos (Source: OMAL PERERA)

Kerberos comprises three architectural elements: client, server (aka AP, application server), and Key Distribution Center (KDC). The KDC comprises two servers: Authentication Server (AS) and Ticket-Granting Server (TGS). Kerberos uses a request/response model that defines the messages exchanged between the client, server, and KDC. Major Kerberos messages are listed as follows:

  • Client and AS: KRB_AS_REQ (1) and KRB_AS_REP (2)
  • Client and TGS: KRB_TGS_REQ (3) and KRB_TGS_REP (4)
  • Client and AP: KRB_AP_REQ (5) and KRB_AP_REP (6)
Continue reading


CISSP考試心得 – 廖毓銘 (Joy)
~ 廖毓銘 (Joy), 助理總教練, CISSP, CISM, ISO 27001/27701 LA, CSM



CISSP之路充滿挑戰! 已經偏離(不規律)或脫離(已停止)大群組SCRUM的同學, 請務必【用力地】重新啟動/加入大群組SCRUM,加入互助與共好的行列!

大家都是業界的資深及專業人士,因此WUSON無意像升學補習班,緊盯同學的進度,而是希望大家能為了自己的目標與理想展現決心並持續努力, 不論是為了自我提升, 證照, 加薪, 升遷, 服務, 或更大的使命。這個過程當然會遇到種種的困難及挑戰,但只要大家【不放棄】,WUSON一定會全力協助大家,直到通過考試為止! 如果準備考試的過程有遇到任何阻礙或需要任何協助,請務必跟教練及同學連絡及互動,或私訊給我!

到目前為止,我們有65位同學上場考試,54位順利摘金,上場的過關率為83%. 也就是大家只要願意報名考試,並按步就班的學習,每10位WUSON的同學, 就有8位能通過考試!

WUSON六月班同學Vincent (@Vincent Liang) 說得很好:設定目標最大的意義是【讓我們能夠真正的啟動學習計晝】!完成目標設定之日就是採取行動之日,就是我們CISSP之旅的起點!謝謝大家在這個階段選擇WUSON,很榮幸有這個機會在CISSP之路陪伴大家!

台灣需要1500位CISSP! 我們一起努力! 一起成功喔!

Best regard

What Does Your Endeavor Result In, Outputs or Outcomes?

Outputs are the results of initiatives, activities, processes, or functions, while outcomes are outputs that deliver value, resulting from benefits subtracted by costs. From the PMI perspective, organizations typically group initiatives into projects, programs, and portfolios, which are core elements of a strategy.

Difference between Outputs and Outcome (Source: Vijay Tiwari)
Difference between Outputs and Outcome (Source: Vijay Tiwari)
Continue reading