Ksecdd and Win2k

By TheRealJobe
Dec 5, 2005
  1. Hello all,

    First post, and I wasn't sure if this would go in the Windows OS or Security forum. :giddy:

    [Edit] Too many specific details about my environment, let's just say it's ridiculously unsecure. Everyone is a local admin.

    So you can see how focused my environment is.

    So to get to the point, I have to keep everything private on a USB key, and even then, how safe is that? It's not.

    But I try to keep everything as secure/monitored as possible, locking down rights (even though everyone is an admin), disabling shares etc...

    Well, recently, I noticed my PC freezing up for a second or two at a time, and here is what I found in my event log:

    "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

    Logon Process Name: KSecDD:"

    Shortly followed (10 minutes) by:

    Successful Network Logon:
    User Name: Worstationname$
    Domain: Domain
    Logon ID: (0x0,0x266C312)
    Logon Type: 3
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Workstation Name:

    and this

    User Logoff:
    User Name: Workstationname$
    Domain: AD
    Logon ID: (0x0,0x266C312)
    Logon Type: 3

    I've looked at several sites including local threads, MS Tech site, and other various forums, and I understand, or at least I think I do, that this (KsecDD) is used by an application to authenticate in several modes, user/system etc...
    My understanding is it's primarily used w/ SMB (for which I cannot find any signs of shares).

    So if that is the case is it possible that someone might be able to use KsecDD w/ a session type of 3 to get into my HD (covert ops style) and grab key logger output, grab screenshots, or generally grab any HD data?

    I know this may sound a bit *noid, but I assure you it's w/ cause. I really can't give more details based on the circumstances surrounding my concern and job security.

    Thanks for the help
  2. blemmo (TS Rookie)

    Hey man,
    I have the same problem and I understand your situation. Did you come to any conclusions?
Topic Status:
Not open for further replies.
