3. Agenda
• Who’s this guy?
• Inspiration for this talk (spoiler: it was rage)
• My first breach response (a tale of tears and fears)
• Let’s do some blue teaming on a budget!
4. Who’s this guy?
• Security engineer for 7 Minute Security
• Podcaster (in 7-minute chunks!)
• Neither of these Brian Johnsons
• Super tiny movie star
7. Why this talk?
• I don’t like when vendors spew FUD (fear/uncertainty/doubt)
• I don’t like when vendors are condescending
31. Up the policy requirements?
• Microsoft recommends minimum password length: 14
• “Wait…won’t people just use ‘WinterWinter2017!’?”
33. CredDefense
A sweet suite of tools to help you boost your network defenses!
My favorite feature? A better password filter!
34. Setting your Active Directory password
Lloyd: “Hi, I’d like to change my password to Winter2017!”
Domain controller: “Sure, one sec, let me check the password requirements!”
35. Setting your Active Directory password
Domain controller: “Winter2017! fits the bill! Password changed!”
36. Setting your Active Directory password (now with the CredDefense password filter on the domain controller)
Lloyd: “Hi, I’d like to change my password to Winter2017!”
Domain controller + CredDefense: “Sure, one sec, let me check the password requirements!”
37. Setting your Active Directory password
Domain controller + CredDefense: “Winter2017! fits the bill! Buuuuuut I need to check one other source, one moment please…”
38. Setting your Active Directory password
Domain controller + CredDefense: “Wait a sec! Your password contains a word on my no-no list!”
39. Setting your Active Directory password
Domain controller + CredDefense: “Sorry Lloyd, please try a better password.”
Lloyd: “I wonder who else in my company has picked bad passwords!”
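The two-stage decision from slides 34 through 39, as an added example (this is not CredDefense's code or anything from the talk): the domain controller's built-in length and complexity rules run first, then a blocklist filter looks for banned words inside the password after lower-casing it and undoing common digit-for-letter swaps. The blocklist, the minimum length of 14 and the sample passwords are constructed for the demo. It also shows why the worry on slide 31 is justified: raising the minimum length alone lets “WinterWinter2017!” through, and only the filter catches it.

```python
"""Toy model of an AD password change with a blocklist filter in front of it.

Added example (not CredDefense's code): the built-in checks run first, then the
extra "no-no list" check a password filter adds. The blocklist and the sample
passwords below are constructed for the demo.
"""
import re

MIN_LENGTH = 14  # the Microsoft-recommended minimum from the slides

# Constructed blocklist: seasons and other words users pad a password around.
BLOCKLIST = ("winter", "spring", "summer", "autumn", "password", "welcome",
             "qwerty", "letmein", "acme")  # "acme" stands in for your company name

# Common substitutions users make to sneak a banned word past a naive filter.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def meets_builtin_policy(pw: str, min_length: int = MIN_LENGTH) -> bool:
    """Simplified default DC policy: minimum length plus Windows' 3-of-4
    complexity rule (upper, lower, digit, symbol). The real rule also rejects
    passwords containing the account name; that check is omitted here."""
    if len(pw) < min_length:
        return False
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for c in classes if re.search(c, pw)) >= 3


def normalize(pw: str) -> str:
    """Lower-case and undo common leet substitutions before matching."""
    return pw.lower().translate(LEET)


def blocklisted_word(pw: str, blocklist=BLOCKLIST):
    """Return the first blocklisted word found inside the password, or None.
    Substring matching is deliberate: "WinterWinter2017!" must still trip on
    "winter" even though the whole password is not on the list."""
    norm = normalize(pw)
    for word in blocklist:
        if word in norm:
            return word
    return None


def check_password(pw: str, min_length: int = MIN_LENGTH, blocklist=BLOCKLIST):
    """Mimic the DC's two-stage decision: built-in policy first, then the
    filter. Returns (accepted, reason)."""
    if not meets_builtin_policy(pw, min_length):
        return False, "too short or not complex enough"
    word = blocklisted_word(pw, blocklist)
    if word is not None:
        return False, f"contains blocklisted word '{word}'"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("Winter2017!", "WinterWinter2017!", "W1nt3r-Wint3r-2017",
               "correct-horse-battery-staple-42"):
        print(f"{pw!r:36} -> {check_password(pw)}")
```

The real filter runs as a password filter DLL on every domain controller; this toy only models the decision. The design choice that matters is matching normalized substrings rather than comparing the whole password against a list: a whole-password list would pass both “Winter2017!” and “W1nt3r-Wint3r-2017”.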
44. “Responder” attacks
Lloyd’s PC: “Hey, do you know a machine called IGW-SRVV01?”
DNS server: “Sorry, I haven’t heard of it.”
Lloyd’s PC: “Aaaaaaaaaaaaanybody else?”
Bad guy: “Yes! That’s me! Send credentials!”
Lloyd’s PC: “You got it! Here it comes!”
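The “anybody else?” step above is Windows falling back from DNS to LLMNR (multicast on UDP 5355) and then NBT-NS, and whoever answers first gets the SMB or HTTP connection and the NTLM challenge-response that comes with it. The exchange in code, as an added example that is not part of the talk: the query the PC multicasts, the answer a Responder-style poisoner sends back, and a detector built on the same idea. Packet layouts follow RFC 4795, which reuses the DNS message format. The canary name, transaction ID and attacker IP are constructed for the demo, and the canary technique itself (ask for a name nobody owns, flag whoever answers) is an added detection idea, not something the slide describes.

```python
"""LLMNR exchange from the "Responder" slide, plus a canary-based detector.

Added example, not from the talk. Layouts follow RFC 4795 (LLMNR uses the DNS
message format on UDP 5355, multicast group 224.0.0.252). The canary name,
transaction ID and attacker IP below are constructed for the demo.
"""
import socket
import struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355
QTYPE_A, QCLASS_IN = 1, 1
FLAG_RESPONSE = 0x8000  # QR bit in the flags word


def encode_name(name: str) -> bytes:
    """DNS-style label encoding: length byte + label, terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def decode_name(data: bytes, offset: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            labels.append(decode_name(data, ptr)[0])
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name: str, txid: int) -> bytes:
    """What Lloyd's PC multicasts after DNS says it has never heard of the name."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_poisoned_response(query: bytes, attacker_ip: str) -> bytes:
    """What a Responder-style poisoner sends back: same transaction ID, the
    question echoed, plus an A record claiming the name is the attacker's box."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, FLAG_RESPONSE, 1, 1, 0, 0)
    # Name as a pointer to offset 12 (the question), type A, class IN, TTL 30, 4 bytes rdata.
    answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, 30, 4) + socket.inet_aton(attacker_ip)
    return header + question + answer


def parse_message(data: bytes) -> dict:
    """Parse the header, the question names and any A-record answers."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        qname, offset = decode_name(data, offset)
        offset += 4  # skip QTYPE and QCLASS
        questions.append(qname)
    for _ in range(ancount):
        aname, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata, offset = data[offset:offset + rdlen], offset + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((aname, socket.inet_ntoa(rdata)))
    return {"txid": txid, "is_response": bool(flags & FLAG_RESPONSE),
            "questions": questions, "answers": answers}


def detect_poisoner(canary: str, txid: int, data: bytes) -> list:
    """Return the IPs a responder claimed for our canary name. Nobody legitimately
    owns the canary, so a non-empty result means something on the segment answers
    LLMNR for names that do not exist, which is exactly what Responder does."""
    msg = parse_message(data)
    if msg["txid"] != txid or not msg["is_response"]:
        return []
    if not any(q.lower() == canary.lower() for q in msg["questions"]):
        return []
    return [ip for _name, ip in msg["answers"]]


if __name__ == "__main__":
    canary, txid = "FILESRV-CANARY-7f3a", 0x1234              # constructed
    query = build_query(canary, txid)
    poisoned = build_poisoned_response(query, "10.0.0.66")    # constructed attacker IP
    print("poisoner(s):", detect_poisoner(canary, txid, poisoned))
```

To run this for real, send `build_query()` output to LLMNR_GROUP:LLMNR_PORT from a UDP socket, pass any reply to `detect_poisoner()`, and treat the datagram's source address as the host to go look at. The cheaper fix is to remove the fallback entirely: the “Turn off multicast name resolution” group policy (EnableMulticast = 0 under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient) disables LLMNR, and NetBIOS over TCP/IP can be disabled per adapter; then the PC never asks “anybody else?” in the first place.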
57. Local Administrator Password Solution
• Strengthens and randomizes local
Administrator passwords per machine
• Free (!) from Microsoft
• Creds are stored in Active Directory, in a confidential attribute on each computer object that only the accounts you explicitly grant read rights can see
• A “set it and forget it” solution
58. Local Administrator Password Solution
Requirements:
• A one-time AD schema extension (two new attributes on computer objects: the password and its expiry time)
• A few GPOs to push the LAPS install and its settings
• A workstation to manage passwords from
76. Vulnerability scanning
Remember Eternal Blue?
• Exploit developed by NSA
• Leaked in April, 2017
• Takes advantage of a flaw in SMBv1 (fixed by MS17-010 in March 2017, a month before the leak)
• Is still unpatched in many orgs
• Easy to exploit
85. Recap
• Use good passwords – on domain and local accounts
• CredDefense and LAPS can help!
• Not collecting event logs? Start for free with WEFFLES!
• Be aware of “responder” attacks
• Scan and patch all your network things!