i'd like to see Ryan do some Middler and SSL strip demos, if he has some time

Nice one Linn, just finished watching it. Couldn't expect anything less then another excellent tool from core. Keep up the good work, I'd also like to see those demos Jhaddix mentioned when whoever has time! -Coughs- Gates -Coughs- joking...

The Middler  & SSL Strip 

Let me setup a slightly different scenario that may help this make more sense. 

You are at your workstation, and you are logged in via your domain account.  You have a patch missing on your machine, and while I am on your network performing a pen test, I scan your machine and notice that it is vulnerable.  By exploiting that vulnerability, I am able to get a session that has the privilege of SYSTEM.  At this point, you are logged into your workstation with your credentials and I am logged on via SYSTEM.  Because windows helps you by ensuring you don't have to enter your password each time you access a resource, I can take your domain credentials, which are stored in memory,  and assign them to my session as SYSTEM using iam.exe.  Once I have taken your in-memory credentials, I can present them as my own without having to know your password at all.

Once I have your credentials and can impersonate you, then I would use them to go to other machines on the network.  If you were a Domain Admin for example, I could use them to perform actions on the domain controllers, or if you had access to a machine that a domain admin was logged in on, then I might move to that machine and perform the same attack again to gain the Domain Admin's credentials. 

All of this happens outside the SAM, and for clarity when you log into a machine, your credentials many times are stored locally however.  The cached credential feature of windows allows for disconnected use of machines, but also allows for your domain credentials to be stored locally on machines that you have logged into.   These credentials can also be attacked and cracked even when you are not on the machine.

If you have any more questions, please let me know.
-Ryan

Hey cool stuff Ryan. You da man!

Maybe I'm late on this one (not sure if anyone's posted anything on it) but I just saw a video on SSLStrip on John Strands page:

http://vimeo.com/3970303

It's a damn good video too, very well explained. Hope it helps!