Protecting the keys to the castle! - Restricted Admin Credential Exposure
Microsoft TechNet - Belgium and Luxembourg
More info on http://techdays.be.
1. Protecting the keys to the castle – Restricted Admin Credential Exposure
Marcus Murray & Hasain Alshakarti, Truesec Security Team, MVP-Enterprise Security x2
2. Marcus Murray, Hasain Alshakarti
3. Who doesn’t want to be domain admin?
4. Passing the dutchie
Diagram: Web Srv, Mail Srv, DC, File Srv, Client, Client, Admin, User
5. Mitigating Passing the dutchie
• SMB Signing! On domain controllers!
6. mimikatz
• privilege::debug
• inject::process lsass.exe sekurlsa.dll
• @getLogonPasswords
• Passwords in CLEAR TEXT!!!
7. The "Mandiant report"
8. Local account dependencies
Diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, SrvAdm, SrvAdm, Client, Client, CliAdm, CliAdm
9. Logged on account dependencies
Diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Marcus_DA, Marcus_DA, Client, Client, Marcus_DA, Marcus_DA
10. Complete mission
Diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Client, Client, Admin, User
11. Microsoft PtH Mitigations
12. Protecting!
• Local firewalls
• Non-admin
• Cutting dependencies
• Managed service accounts
• AMA
13. Marcus Murray, Hasain Alshakarti
14. Thank you for listening!