We often come across the term Winlogon in the Windows world, and the first impression we get is that this process is used for handling interactive logons. This is partially correct, but Winlogon does a lot more than that. A legitimate Winlogon process runs from “%Systemroot%\System32\Winlogon.exe”, so make sure that you don’t get fooled by a virus or a Trojan running a process named winlogon from some other location. Let’s understand its role in different scenarios.
An Introduction to NTLM (NT LAN Manager) and its Overview.
LM/NTLM has been used as an authentication protocol in the Windows family since the beginning. Let's walk back to get a clear picture of its evolution.
1. LM (LAN Manager) – This was the first of the secured authentication protocols used by the Windows family, since Windows 95 and 98. However, this version is rarely used and is now considered one of the least secure of its type.
2. NTLM Version 1 – A better version of LM, available with Windows NT and above. An authentication protocol considered improved and more secure than LM, since it closed major security flaws present in LM.
3. NTLM Version 2 – The most secure version in its family, currently supported by Windows NT with SP4 and all later versions of Windows operating systems.