Threats Hidden in Office Network: Mechanism of Credential Harvesting for Lateral Movement

Authors
Tung-Lin Lee1, I-Hsien Liu1, Chu-Fen Li2, Jung-Shian Li1, *
1Department of Electrical Engineering / Institute of Computer and Communication Engineering, National Cheng Kung University, No.1, University Rd., East Dist., Tainan City 70101, Taiwan
2Department of Finance, National Formosa University, Yunlin County 632, Taiwan
*Corresponding author. Email: [email protected]
Corresponding Author
Jung-Shian Li
Received 9 November 2020, Accepted 9 July 2021, Available Online 9 October 2021.
DOI
https://doi.org/10.2991/jrnal.k.210922.008
Keywords
IWA; active directory; phishing; credential harvesting; cybersecurity
Abstract
With the advent of the Internet of Things (IoT) era, the concept of smart office has gradually come true. To facilitate the management, IoT devices often follow authentication mechanisms as windows domain used, which would cause severe problems once hackers steal those credentials. This study analyzes the restriction of previous research and proposes a new technique that could cause credential leaks and organizes an attack mechanism to evaluate the most suitable strategy in various scenarios.
Copyright
© 2021 The Authors. Published by ALife Robotics Corp. Ltd.
Open Access
This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)