Null Sessions, MSRPC, and Windows 2000. presented at BlackHatWindows 2001

by Todd Sabin,

Summary : Null sessions have been a favorite tool for information gathering on Windows NT. How does the arrival of Windows 2000 change things? This talk will begin with a review of Null sessions on NT4: what they are, how they're done, and the information that you can obtain with them, including some things that are currently not well known. Next it'll discuss what's different (and what's not) in Win2k. Then it will take a closer look at Null Sessions and their foundations in MSRPC over named pipes, and find that this can have some rather surprising implications on Win2k. Finally, it will cover what administrators can do to protect themselves.
Their Presentation! (PowerPoint 182k)