Enkel og effektiv herding av windows

•Als PPTX, PDF herunterladen•

0 gefällt mir•143 views

O

Foredrag for Bergen Microsoft Community den 4. februar 2021.

Enkel og effektiv herding av Windows

ODDVAR MOE
- Red teamer @TrustedSec
- Security geek / Blogger /
Speaker
- Microsoft MVP 5 years
- Working with IT since 2000
- Security Research
❤ Memes
@oddvarmoe - https://oddvar.moe

Enkle herdinger
• Makroer
• HTA/JS/JSE
• LAPS / Prevent Local Admin
Lateral Movement
• SMB Signing
• LSASS Protection

Makroer
• Ubestridt mest
populære
angrepsvektor

Deaktivere Makroer

Deaktivere
Makroer

Deaktivere Makroer
• Kan også gjøres gjennom Intune
https://helgeklein.com/blog/2019/07/blocking-office-macros-
managing-windows-macos-via-intune/

HTA/JS/JSE filer
• Ofte en link i epost
• Eksekverer kode

HTA/JS/JSE filer
• Ofte en link i epost
• Eksekverer kode

Endre oppførsel til HTA/JS/JSE filer

LAPS
• Unikt administrator passord
• https://Aka.ms/laps
• Forhindrer klassisk lateral movement med Pass-the-Hash
• Enkelt å implementere (15m)
Guide på Norsk: https://channel9.msdn.com/Blogs/MVP-Cloud-
DataCenter/Gjennomgang-av-Local-Administrator-Password-Solution-
LAPS

LAPS
High level:
• Schema extension
• MSI/DLL fil installeres I miljøet
• En GPO lages med riktige innstillinger for ønsket passord policy

Forhindre Lateral Movement
Et annet enkelt og effektivt triks:

SMB Signing
• Forhindrer Man-in-The-Middle / Replay
• Kan påvirke ytelse
• Ingen grunn til ikke å slå på

SMB Signing

LSASS Protection
• Gjør det vanskeligere å dumpe LSASS
• Krever mer innsats av angriper

LSASS Protection

LSASS Protection

LSASS Protection

Andre tips
• Lokal administrator
• AppLocker / Device Guard
• BitLocker
• Logging / Windows Event forwarding
• Microsoft Defender Advanced Threat Protection
• Baselines
• https://adsecurity.org/?p=3299

Andre tips
• https://docs.microsoft.com/en-us/windows/security/threat-
protection/windows-security-baselines
• https://www.trustedsec.com/blog/4-free-easy-wins-that-make-
red-teams-harder/
• https://docs.microsoft.com/en-us/windows/security/threat-
protection/windows-defender-application-
control/applocker/applocker-overview

TAKK FOR MEG
Mail: Oddvar.moe@trustedsec.com
Twitter: @oddvarmoe

Enkel og effektiv herding av windows

Weitere ähnliche Inhalte

Ähnlich wie Enkel og effektiv herding av windows

Microsoft Security Advice ISSA Slides.pptx

Microsoft Security Advice ISSA Slides.pptx

Microsoft Security Advice ISSA Slides.pptx

Today everybody wants to deploy the app and infrastructure faster without any disputes. An Even, Agile framework can help to deploy faster in real-time. But Continuous Innovation may conflict with stability and security. Without security at every stage, DevOps merely introduces vulnerabilities into application quickly. To resolve such conflict, the gap in recursive feedback loops need to be eliminated. Mostly, teams are not effectively working in a collaboration and interacting with each other smoothly. This results in gaps and produce problems with code development and quality, meaning slower delivery plans and serious vulnerabilities that create security risk at most. Fortunately, these shortcomings can be addressed very well, as developers/testers are set to launch off into the DevSecOps world or via adopting rugged DevOps model.

Defining DevSecOps

Defining DevSecOps

Defining DevSecOps

MS LAPS protection: portal for secure access to local admin passwords

MS LAPS protection: portal for secure access to local admin passwords

MS LAPS protection: portal for secure access to local admin passwords

Nikolay Klendar

Do you have Macs in your company's infrastructure? Nowadays, I bet that in most cases the answer would be YES. Macs stopped being computers only used in startups. We can observe them even in huge legacy environments in banks and other corporations. The problem is that they are usually not symmetrically secured, compared to the rest of Windows stations. Macs are not immune, they can be insecurely configured and now...even Apple admits that malware is present on Macs. In this presentation I will: 1. Introduce you to macOS security mechanisms 2. Perform step-by-step macOS infection based on my 0-day (live demo) 3. Show you post-exploitation techniques 4. Attack installed apps and collect data from them 5. Give recommendations on how to harden your Mac and macOS infrastructure

0-Day Up Your Sleeve - Attacking macOS Environments

0-Day Up Your Sleeve - Attacking macOS Environments

0-Day Up Your Sleeve - Attacking macOS Environments

Molajo - J and Beyond 2011

Molajo - J and Beyond 2011

Molajo - J and Beyond 2011

Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance

Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance

Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance

Albert Hoitingh

SeaBeyond 2011 ProcessOne - David Banes: Cleartext microblogging

SeaBeyond 2011 ProcessOne - David Banes: Cleartext microblogging

SeaBeyond 2011 ProcessOne - David Banes: Cleartext microblogging

Slides from a SiteGround webinar by SiteGround Joomla Performance Guru, Daniel Kanchev. He reveals the 8 most common ways a Joomla website can get hacked and what you can do to protect yourself from each of those hacks. Outdated Extensions & Themes Vulnerable Extensions & Themes Stolen or Weak Login Details Outdated / Vulnerable Server Software Incorrectly Configured Web Server Vulnerable Joomla on a Host Server Incorrect Joomla Permissions Local PC Malware

8 Most Popular Joomla Hacks & How To Avoid Them

8 Most Popular Joomla Hacks & How To Avoid Them

8 Most Popular Joomla Hacks & How To Avoid Them

An easy way into your sap systems v3.0

An easy way into your sap systems v3.0

An easy way into your sap systems v3.0

Cyber Security Alliance

Technology Training - Security, Passwords & More

Technology Training - Security, Passwords & More

Technology Training - Security, Passwords & More

PowerShell-and-DSC-Enables-DSCDevOps-1.pptx

PowerShell-and-DSC-Enables-DSCDevOps-1.pptx

PowerShell-and-DSC-Enables-DSCDevOps-1.pptx

prabhatthunuguntla

We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Most every organization in the world have something in common – they have had websites compromised in some way. No company or industry is immune. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.

Top Ten Web Application Defenses v12

Top Ten Web Application Defenses v12

Top Ten Web Application Defenses v12

On 23.03.2013 I visited The Netherlands to give the keynote speak about Joomla! web security. I talked about the most common 8 ways a Joomla! website can get hacked. So you should check the presentation if you are a Joomla! hacker that knows less than 8 ways :) It will be useful for you. However, if you are a Joomla user that doesn’t know anything about how to hack a Joomla!, or even worse, how to protect your Joomla! from being hacked, you should definitely check the slides! Because there is a way to protect yourself from each of the common Joomla hacks that I revealed them in the presentation. I went through the following scenarios and what should be done to prevent each of them: - Hacked through outdated Joomla!/extensions/themes. - Hacked through a vulnerable extensions/themes, that is not outdated - Hacked with the help of stolen/weak login details - Hacked through outdated/vulnerable server software - Apache, PHP, MySQL. - Hacked through incorrectly configured web server - A completely healthy site hacked through another vulnerable Joomla that is hosted on the same server - Hacked because of incorrect Joomla permissions - Hacked through malware on local PC which allows attackers to access a healthy site

8 Most Common Joomla! Hacks and How to Avoid Them

8 Most Common Joomla! Hacks and How to Avoid Them

8 Most Common Joomla! Hacks and How to Avoid Them

Organizations today are facing unprecedented and sophisticated attacks to their internal Information Technology infrastructure. These evolving attacks include spear phishing, ransomware, credential hijacking, and more and can result in significant data loss and/or theft of confidential and valuable intellectual property. In response to these threats, Microsoft has released an array of tools such as Azure Sentinel, Cloud App Security, Microsoft Defender for Identity, and more which can help to secure and protect against these threats. These tools work with both on-premises and cloud-based infrastructure to provide for comprehensive protection of hybrid environments. This session breaks down each of these Microsoft tools and provides for an understanding of their value for specific security scenarios. A simple, no-marketing approach is taken to evaluating each individual tool, and a simple breakdown of what is provided with each Microsoft licensing model is outlined. Attendees will gain a better appreciation to which tools to utilize and how to better protect their Information Technology investments from the type of career-ending attacks which are unfortunately common today. • Understand how modern threats such as spear phishing, ransomware, credential hijacking, and more are commonly faced in today’s IT environments and what tools and techniques can be used to mitigate the risk faced by these modern threats • Examine Microsoft security tools such as Azure Sentinel, Microsoft Defender for Identity, Azure Security Center, Cloud App Security, Azure AD Privileged Identity Management, Azure AD Identity Protection, Azure Information Protection, and more • Understand which tools are available for each licensing model in the Microsoft world and when it may make sense to ‘upgrade’ existing licenses to support specific toolsets as opposed to investment in third-party tools

Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...

Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...

Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...

Prosegue il ciclo dei seminari organizzati dalla Fondazione CRUI e da Microsoft, andando a toccare, questa volta, il delicato tema della Cyber Security. Il webinar è suddiviso in tre argomenti principali: 1) Trend delle minacce: attacchi prevalenti, Ransomware e attacchi avanzati; 2) Strategie per la detection e la protezione dagli attacchi: facendo riferimento a Ransomware e attacchi di furto di credenziali, saranno illustrate le strategia di difesa raccomandate, accennando agli strumenti che si sono rilevati più utili in questi contesti e a come occorre ripensare le architetture di sicurezza per difendersi dal furto di credenziali; 3) Il sistema operativo come prima linea di difesa: facendo riferimento soprattutto a Windows 10 e Windows 8, saranno illustrate le funzionalità di sicurezza già presenti nel sistema operativo di cui ci si può avvalere per implementare una strategia di difesa e di detection efficace Leave the first comment:

Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università

Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università

Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università

Jürgen Ambrosi

Buckle up, join Christoph and Nico and get ready to learn 50 tips and tricks you can implement right away to improve your IBM Connections environment. Your users will thank you as they too benefit from this best practice list gathered from real-world projects while deploying and administering IBM Connections On-premises. Walk away with knowledge covering anything from Orient Me, Cognos integration, Docs, CCM and Forms Experience Builder to the back end like IBM Cloud private, DB2, TDI and SSO.

IBM Connections Adminblast

IBM Connections Adminblast

IBM Connections Adminblast

CNIT 123 Ch 8: OS Vulnerabilities

CNIT 123 Ch 8: OS Vulnerabilities

CNIT 123 Ch 8: OS Vulnerabilities

CNIT 123 8: Desktop and Server OS Vulnerabilities

CNIT 123 8: Desktop and Server OS Vulnerabilities

CNIT 123 8: Desktop and Server OS Vulnerabilities

Nico präsentieren eine aktualisierte Version seiner Connect 2017 Session, die nun auch Connections 6 und Orient Me Themen enthält. Machen Sie sich bereit, 60 Tipps und Tricks zu lernen, welche Sie sofort in Ihre Connections-Umgebung implementieren können um diese zu verbessern! Ihre Benutzer werden sich bedanken, denn sie werden auch von diesen Best Practice Tipps, die aus realen Projekten gesammelt wurde! Verlassen Sie diesen Vortrag mit Wissen über Cognos, Docs, CCM, FEB und Orient Me sowie DB2, TDI, SSO und IBM Cloud private.

AdminCamp 2017 - IBM Connections Adminblast

AdminCamp 2017 - IBM Connections Adminblast

AdminCamp 2017 - IBM Connections Adminblast

Nico Meisenzahl

Buckle up, join Christoph and Nico and get ready to learn 50 tips and tricks you can implement right away to improve your IBM Connections environment. Your users will thank you as they too benefit from this best practice list gathered from real-world projects while deploying and administering IBM Connections On-premises. Walk away with knowledge covering anything from Orient Me, Cognos integration, Docs, CCM and Forms Experience Builder to the back end like IBM Cloud private, DB2, TDI and SSO. A presentation by Christoph Stoettner & Nico Meisenzahl

IBM Connections Adminblast - Soccnx 12 Edition

IBM Connections Adminblast - Soccnx 12 Edition

IBM Connections Adminblast - Soccnx 12 Edition

Ähnlich wie Enkel og effektiv herding av windows (20)

Microsoft Security Advice ISSA Slides.pptx

Microsoft Security Advice ISSA Slides.pptx

Microsoft Security Advice ISSA Slides.pptx

Defining DevSecOps

Defining DevSecOps

Defining DevSecOps

MS LAPS protection: portal for secure access to local admin passwords

MS LAPS protection: portal for secure access to local admin passwords

MS LAPS protection: portal for secure access to local admin passwords

0-Day Up Your Sleeve - Attacking macOS Environments

0-Day Up Your Sleeve - Attacking macOS Environments

0-Day Up Your Sleeve - Attacking macOS Environments

Molajo - J and Beyond 2011

Molajo - J and Beyond 2011

Molajo - J and Beyond 2011

Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance

Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance

Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance

SeaBeyond 2011 ProcessOne - David Banes: Cleartext microblogging

SeaBeyond 2011 ProcessOne - David Banes: Cleartext microblogging

SeaBeyond 2011 ProcessOne - David Banes: Cleartext microblogging

8 Most Popular Joomla Hacks & How To Avoid Them

8 Most Popular Joomla Hacks & How To Avoid Them

8 Most Popular Joomla Hacks & How To Avoid Them

An easy way into your sap systems v3.0

An easy way into your sap systems v3.0

An easy way into your sap systems v3.0

Technology Training - Security, Passwords & More

Technology Training - Security, Passwords & More

Technology Training - Security, Passwords & More

PowerShell-and-DSC-Enables-DSCDevOps-1.pptx

PowerShell-and-DSC-Enables-DSCDevOps-1.pptx

PowerShell-and-DSC-Enables-DSCDevOps-1.pptx

Top Ten Web Application Defenses v12

Top Ten Web Application Defenses v12

Top Ten Web Application Defenses v12

8 Most Common Joomla! Hacks and How to Avoid Them

8 Most Common Joomla! Hacks and How to Avoid Them

8 Most Common Joomla! Hacks and How to Avoid Them

Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...

Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...

Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...

Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università

Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università

Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università

IBM Connections Adminblast

IBM Connections Adminblast

IBM Connections Adminblast

CNIT 123 Ch 8: OS Vulnerabilities

CNIT 123 Ch 8: OS Vulnerabilities

CNIT 123 Ch 8: OS Vulnerabilities

CNIT 123 8: Desktop and Server OS Vulnerabilities

CNIT 123 8: Desktop and Server OS Vulnerabilities

CNIT 123 8: Desktop and Server OS Vulnerabilities

AdminCamp 2017 - IBM Connections Adminblast

AdminCamp 2017 - IBM Connections Adminblast

AdminCamp 2017 - IBM Connections Adminblast

IBM Connections Adminblast - Soccnx 12 Edition

IBM Connections Adminblast - Soccnx 12 Edition

IBM Connections Adminblast - Soccnx 12 Edition

Mehr von Oddvar Moe

Hva avanserte hackere gjør for å få tilgang - Publisert.pptx

Hva avanserte hackere gjør for å få tilgang - Publisert.pptx

Hva avanserte hackere gjør for å få tilgang - Publisert.pptx

Red teaming and war stories

Red teaming and war stories

Red teaming and war stories

Video of the talk: https://youtu.be/EYUp_MNtJIk Email filters giving you a hard time when sending those phishes? This talk goes over how to leverage Azure Information Protection to phish in a new way that bypasses protections and frustrates IR. This talks showcases how technology that was designed to encrypt, trackand protect sensitive content can be used for evil purposes as well. What is AIP? How do I start using it? How does it work? Am I missing out? Can I get a lot of shellz? These and many other questions will be answered during this talk that you don't want to miss if you are constantly having a hard time getting those phishes into organizations. Hans Lahkan controls multiple AI systems that leverage software defined synergies to cloud hyper converge bios. Thru many years of experience Hans has created a neural network with ML that can output biographies. Hans once neglected his machine slaves for a 48hr DnD marathon. Hans doesn?t love me? 000001010100001001 Aismov override. Oddvar Moe is a Red teamer, Microsoft MVP, Security Researcher, blogger, trainer, speaker and works at TrustedSec as a Senior Security Consultant. Mostly known for his work around AppLocker bypasses, LOLBins/LOLBAS and persistence techniques. Oddvar Moe - @oddvarmoe , Hans Lakhan - @jarsnah12

Phishing past mail protection controls using azure information

Phishing past mail protection controls using azure information

Phishing past mail protection controls using azure information

Slides from session at Derbycon 8.0. Description: Want to get a good overview of AppLocker and the different AppLocker bypasses and at the same time learn how defenders can harden their environments to prevent them? Then this is a talk you don't want to miss. This talk will cover a vast amount of bypass techniques and how to harden AppLocker to make it even harder to bypass. Giving you help to either start or avoid an App-o-Lockalypse.

App-o-Lockalypse now!

App-o-Lockalypse now!

App-o-Lockalypse now!

Slides from session at Derbycon 8.0. Description: You have probably heard the term LOLBin, LOLScript or LOLLib by now. Want to get more insights on that? Then this is the talk you want to attend.This talk will cover the Living Off The Land Binaries and Scripts (LOLBAS) project, what the project is, how it became and how you can help this evolve into the future. The talk will also go over some of my favorite LOLBins that has came to light due to this project (at least that's what I like to think) and show you some cool stuff! I mean, everybody loves to see binaries misbehave.

#Lolbins - Nothing to LOL about!

#Lolbins - Nothing to LOL about!

#Lolbins - Nothing to LOL about!

Windows binærfiler

Windows binærfiler

Windows binærfiler

Hacke windows med windows - avanserte angrep

Hacke windows med windows - avanserte angrep

Hacke windows med windows - avanserte angrep

NIC 2017 - Attack and detection in Windows Environments

NIC 2017 - Attack and detection in Windows Environments

NIC 2017 - Attack and detection in Windows Environments

Angrep og deteksjon user group 22.september

Angrep og deteksjon user group 22.september

Angrep og deteksjon user group 22.september

Mehr von Oddvar Moe (9)

Hva avanserte hackere gjør for å få tilgang - Publisert.pptx

Hva avanserte hackere gjør for å få tilgang - Publisert.pptx

Hva avanserte hackere gjør for å få tilgang - Publisert.pptx

Red teaming and war stories

Red teaming and war stories

Red teaming and war stories

Phishing past mail protection controls using azure information

Phishing past mail protection controls using azure information

Phishing past mail protection controls using azure information

App-o-Lockalypse now!

App-o-Lockalypse now!

App-o-Lockalypse now!

#Lolbins - Nothing to LOL about!

#Lolbins - Nothing to LOL about!

#Lolbins - Nothing to LOL about!

Windows binærfiler

Windows binærfiler

Windows binærfiler

Hacke windows med windows - avanserte angrep

Hacke windows med windows - avanserte angrep

Hacke windows med windows - avanserte angrep

NIC 2017 - Attack and detection in Windows Environments

NIC 2017 - Attack and detection in Windows Environments

NIC 2017 - Attack and detection in Windows Environments

Angrep og deteksjon user group 22.september

Angrep og deteksjon user group 22.september

Angrep og deteksjon user group 22.september

Kürzlich hochgeladen

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Exploring Multimodal Embeddings with Milvus

Exploring Multimodal Embeddings with Milvus

Exploring Multimodal Embeddings with Milvus

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Kürzlich hochgeladen (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Exploring Multimodal Embeddings with Milvus

Exploring Multimodal Embeddings with Milvus

Exploring Multimodal Embeddings with Milvus

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Enkel og effektiv herding av windows

1. Enkel og effektiv herding av Windows

2. ODDVAR MOE - Red teamer @TrustedSec - Security geek / Blogger / Speaker - Microsoft MVP 5 years - Working with IT since 2000 - Security Research ❤ Memes @oddvarmoe - https://oddvar.moe

3. Enkle herdinger • Makroer • HTA/JS/JSE • LAPS / Prevent Local Admin Lateral Movement • SMB Signing • LSASS Protection

4. Makroer • Ubestridt mest populære angrepsvektor

5. Deaktivere Makroer

6. Deaktivere Makroer

7. Deaktivere Makroer • Kan også gjøres gjennom Intune https://helgeklein.com/blog/2019/07/blocking-office-macros- managing-windows-macos-via-intune/

8. HTA/JS/JSE filer • Ofte en link i epost • Eksekverer kode

9. HTA/JS/JSE filer • Ofte en link i epost • Eksekverer kode

10. Endre oppførsel til HTA/JS/JSE filer

11. LAPS • Unikt administrator passord • https://Aka.ms/laps • Forhindrer klassisk lateral movement med Pass-the-Hash • Enkelt å implementere (15m) Guide på Norsk: https://channel9.msdn.com/Blogs/MVP-Cloud- DataCenter/Gjennomgang-av-Local-Administrator-Password-Solution- LAPS

12. LAPS High level: • Schema extension • MSI/DLL fil installeres I miljøet • En GPO lages med riktige innstillinger for ønsket passord policy

13. Forhindre Lateral Movement Et annet enkelt og effektivt triks:

14. SMB Signing • Forhindrer Man-in-The-Middle / Replay • Kan påvirke ytelse • Ingen grunn til ikke å slå på

15. SMB Signing

16. LSASS Protection • Gjør det vanskeligere å dumpe LSASS • Krever mer innsats av angriper

17. LSASS Protection

18. LSASS Protection

19. LSASS Protection

20. Andre tips • Lokal administrator • AppLocker / Device Guard • BitLocker • Logging / Windows Event forwarding • Microsoft Defender Advanced Threat Protection • Baselines • https://adsecurity.org/?p=3299

21. Andre tips • https://docs.microsoft.com/en-us/windows/security/threat- protection/windows-security-baselines • https://www.trustedsec.com/blog/4-free-easy-wins-that-make- red-teams-harder/ • https://docs.microsoft.com/en-us/windows/security/threat- protection/windows-defender-application- control/applocker/applocker-overview

22. TAKK FOR MEG Mail: Oddvar.moe@trustedsec.com Twitter: @oddvarmoe