Ksecdd and Win2k

By TheRealJobe
Dec 5, 2005
  1. Hello all,

    First post, and I wasn't sure if this would go in the Windows OS, or Security forum. :giddy:

    [Edit] Too many specific details about my environment, let's just say it's ridiculously unsecure. Everyone is a local admin

    So you can see how focused my environment is.

    So to get to the point, I have to keep everything private on a USB key, and even then, how safe is that? It's not.

    But I try to keep everything as secure/monitored as possible, locking down rights (even though everyone is an admin,) disabling shares etc...

    Well, recently, I noticed my PC freezing up for a second or two at a time, and here is what I found in my event log:

    "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: KSecDD:"

    Shortly followed (10 minutes) by:

    Successful Network Logon:
    User Name: Worstationname$
    Domain: Domain
    Logon ID: (0x0,0x266C312)
    Logon Type: 3
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Workstation Name:

    and this

    User Logoff:
    User Name: Workstationname$
    Domain: AD
    Logon ID: (0x0,0x266C312)
    Logon Type: 3

    I've looked at several sites including local threads, MS Tech site, and other various forums, and I understand, or at least I think I do, that this (KsecDD) is used by an application to authenticate in several modes, user/system etc...
    My understanding is it's primarily used w/ SMB (which I cannot find any signs of shares)

    So if that is the case is it possible that someone might be able to use KsecDD w/ a session type of 3 to get into my HD (covert ops style) and grab key logger output, grab screenshots, or generally grab any HD data?

    I know this may sound a bit *noid, but I assure you it's w/ cause, I really can't give more details based on the circumstances surrounding my concern and job security.

    Thanks for the help
  2. blemmo, TS Rookie

    Hey man,
    I have the same problem and I understand your situation. Did you come to any conclusions?
Topic Status:
Not open for further replies.
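
The following is an added example, not part of the thread: one way to triage Security log records pasted in the text form quoted in the first post. It pairs logon and logoff records by Logon ID and separates computer-account logons (account name ending in `$`) from network logons by named user accounts. The function names and the sample text are assumptions; the sample is constructed from the records in the post, with placeholder names.

```python
import re

# Constructed sample modelled on the two records quoted in the first post.
SAMPLE = """\
Successful Network Logon:
User Name: Workstationname$
Domain: AD
Logon ID: (0x0,0x266C312)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:

User Logoff:
User Name: Workstationname$
Domain: AD
Logon ID: (0x0,0x266C312)
Logon Type: 3
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_records(text):
    """Split pasted event text into dicts; a blank line ends a record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        head, *rest = block.strip().splitlines()
        rec = dict(FIELD.match(ln).groups() for ln in rest if FIELD.match(ln))
        rec["Event"] = head.strip().rstrip(":")
        records.append(rec)
    return records

def triage(records):
    """Pair logon/logoff by Logon ID; flag network logons by user accounts."""
    sessions = {}
    for rec in records:
        if rec.get("Logon Type") != "3" or "Logon ID" not in rec:
            continue  # only network (type 3) sessions are considered here
        s = sessions.setdefault(rec["Logon ID"],
                                {"user": rec.get("User Name", ""), "events": []})
        s["events"].append(rec["Event"])
    for s in sessions.values():
        s["machine_account"] = s["user"].endswith("$")  # computer accounts end in $
        s["closed"] = any("Logoff" in e for e in s["events"])
        s["review"] = not s["machine_account"]  # named user over the network
    return sessions
```
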
