Looking at some recent high-profile security breach stories it turns out that one of their commonalities is that the attackers quickly went after domain controllers and credentials once they had an initial footprint within the organization. In this workshop we will cover how to protect critical systems running Microsoft Windows and the Active Directory itself, and how to make an attackers life much harder when it comes to compromising Windows based systems. We will discuss a number of preventative steps (incl. how to use and manage EMET in a large scale environment), of design measures (e.g. how to implement the AD forest to compartmentalize sensitive privileges) and what keep a specific eye on as for logging & monitoring.
Introduction to credential-theft and Pass-the-Hash-attacks in Microsoft environments
How authentication works in Windows and Active Directory (local authentication, Kerberos authentication, LSASS and SSO)
How Pass-the-Hash and Pass-the-Ticket-attacks works in Microsoft environments
Some demos with Mimikatz, Golden Tickets and Silver Tickets
Mitigating controls on the design, process and technical/configurational level with the focus to mitigate or prevent credential theft and Pass-the-Hash/Ticket attacks will be presented and discussed in detail as for example (but not limited to):
Introduction to EMET as an application hardening tool & its central management in Active Directory
Bring your own Laptop with the ability to establish a RDP connection to our Lab machines. Thus you will be able to do some demos. Some Windows and Active Directory knowledge.
Friedwart Kuhn is a renowned expert for Active Directory security and has performed a huge number of projects both in the concept and design space and in the pentesting and incident analysis field.