0Pricing
Ethical Hacking Academy · Lesson

Windows Authentication

NTLM and Kerberos.

How Windows Proves Identity

Windows authentication verifies who a user is before granting access. In domains this happens constantly between clients and the domain controller.

The two main protocols are NTLM (older, challenge-response) and Kerberos (modern, ticket-based). Both are heavily targeted.

Password Hashes

Windows never stores plaintext passwords for local accounts; it stores hashes in the SAM database. The key format is the NT hash (an MD4 of the password).

If an attacker dumps these hashes, they can crack them offline or reuse them directly.

All lessons in this course

  1. Windows Architecture
  2. The Registry
  3. Windows Authentication
  4. PowerShell for Attackers
← Back to Ethical Hacking Academy