nerdexam
GIAC

GCIH · Question #432

A sysadmin would use SYSKEY to accomplish which objective?

The correct answer is A. Apply encryption to locally stored password hashes. SYSKEY is a Windows utility that applies an additional layer of encryption to the SAM database, where local password hashes are stored on disk.

Vulnerability Exploitation & Privilege Escalation

Question

A sysadmin would use SYSKEY to accomplish which objective?

Options

  • AApply encryption to locally stored password hashes
  • BRemove LANMAN hashes from a system
  • CProtect hashes when they are in local memory
  • DEnforce salted hashes of locally stored passwords

How the community answered

(47 responses)
  • A
    89% (42)
  • B
    2% (1)
  • C
    6% (3)
  • D
    2% (1)

Why each option

SYSKEY is a Windows utility that applies an additional layer of encryption to the SAM database, where local password hashes are stored on disk.

AApply encryption to locally stored password hashesCorrect

SYSKEY (System Key) encrypts the SAM (Security Account Manager) database stored locally on a Windows system, adding a boot-time or floppy-key encryption layer over the password hashes. This prevents offline attacks against the SAM file by ensuring the hashes cannot be read without the system key. It specifically targets hashes at rest on disk, not in memory or their algorithmic format.

BRemove LANMAN hashes from a system

Removing LANMAN hashes is accomplished through Group Policy (Network Security: Do not store LAN Manager hash value) or registry settings, not SYSKEY.

CProtect hashes when they are in local memory

SYSKEY protects hashes stored on disk in the SAM database - protecting hashes in memory is a separate concern addressed by tools or mitigations like Credential Guard.

DEnforce salted hashes of locally stored passwords

SYSKEY encrypts the hash storage container, it does not change the hashing algorithm or add salting to the hash generation process.

Concept tested: SYSKEY SAM database encryption on Windows

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/syskey-utility-and-sam-database-security

Topics

#SYSKEY#password hash encryption#Windows security#credential storage

Community Discussion

No community discussion yet for this question.

Full GCIH Practice