CSF18 - How to Block Ransomware - Sami Laiho

•

0 likes•213 views

NCCOMMS

Cybercrime Security Forum - Europe 2018 Session

Technology

How to block WannaCrypt, Locky
and any other ransomware

Sami Laiho
Senior Technical Fellow
adminize.com
• IT Admin since 1996
• MVP in Windows OS since 2011
• Specializes in and trains:
• Troubleshooting
• Security
• Windows Internals
• Trophies:
• Best and 3rd session at MCT Summit 2018
• Best two Sessions at IGNITE 2018! (out of 1708 session in total)
• Best Session at AppManagEvent 2017 and 2018, Utrecht
• Best External Speaker at Ignite 2017
• Best Sessions (#1 and #2) at TechTalks 2017, Helsinki
• TechDays Sweden 2016 – Best Speaker
• NIC 2016, 2017 - Best Speaker
• Ignite 2015 – Best male presenter ;) (#2 out of 1000 speakers)
• TechEd Europe and North America 2014 - Best session, Best
speaker

@samilaiho
If you are not on Twitter – get on Twitter!

Simplest AppLocker
• If you don’t you anything else do this
• You kill 950000 pieces of malware every day

Mitigating PtH
• Split your environment into three layers
• Never allow higher layer admins to logon to lower layers
Power
(DCs)
Data (Servers and
Apps)
Access (Endpoints)
Domain Admins
Server Admins Workstation Admins

Lazy way
• Windows 7
• Deny access to Local Administrators from
the network
• Requires KB 2871997
• Windows 8.1/10
• Deny access to Local Administrators from
the network

Controlled Folder Access &
Exploit Guard

Basic Protections
• Firewall Everything!
• BitLocker Everything!
• Use Anti-Malware, just not as your main protection!
• Get rid of SMBv1
• If possible get rid of NTLM
• Implement MFA
• Go UEFI+SecureBoot

https://www.cisecurity.org/controls/
• Block 97% of threats

Contact
• sami@adminize.com
• Twitter: @samilaiho
• Blog: http://blog.win-fu.com/
• Free newsletter:
http://eepurl.com/F-GOj
• Video-based training:
• http://www.pluralsight.com/
• Want free codes? Email me!
• NOW: http://win-fu.com/dojo
•Trial2018

What's hot

Passwords are passé. WebAuthn is simpler, stronger and ready to go

Michael Furman

Protecting your data from viruses or malicious code is not an unfamiliar concept, but understanding how these threats can affect your Power Systems server may not be as easy to grasp. There are many myths about viruses and IBM i—including the belief that the system is immune. Many Power Systems managers still don’t see viruses as a risk because they see them as a Windows threat. While this was once true, today’s connected environments operate under different rules. It’s time to take action and protect IBM i and the network that connects to it. Check out this presentation to gain an understanding of the relationships between: • Viruses and the integrated file system (IFS) • Power Systems and Windows viruses • PC-based anti-virus scanning vs native IBM i scanning There are a number of ways you can minimize your exposure to viruses. Learn the facts to ensure you are fully-protected.

The Truth About Viruses on IBM i

HelpSystems

Security architecture design patterns iltam 2018 - ofer rivlin

Ofer Rivlin, CISSP

Securing the continuous integration

Irene Michlin

Рабочие нагрузки Skype for business 2015 UC Lab

UC2

I will never forget my assignment for a vulnerability assessment against a control systems network. “Hey, can you go somewhere, run “scans” against this system, and oh by the way don’t crash it or a large portion of the USA could lose power”. Needless to say, I turned down that assignment, as they required that a traditional network-based “scan” be run. There has to be a better way to preform assessments in such environments! Fast forward 10 years later and I’ve worked with much safer techniques for assessing the security of SCADA/Control systems infrastructure. Working for Tenable Network Security has also provided me great insights into several techniques, including: - Using credentials to login to systems and audit for missing patches and configuration changes - Tuning vulnerability scans to be less intrusive yet still accurate and providing useful information - Implementing passive vulnerability scanning to discover hosts on the network and enumerate vulnerabilities, without sending a single packet to the end-user system

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...

Digital Bond

ANET SureLog International Edition Main Advantages

Murat Korucu

Canadian Cyber Cecurity

Peter Scheffler

CSW2017 Geshev+Miller logic bug hunting in chrome on android

CanSecWest

Canadian Cyber Cecurity

Peter Scheffler

QIWI SOC benchmarking: Blue Team story

Mona Arkhipova

Positive Hack Days 7 - Ransomware forensiсs

Mona Arkhipova

Defcon 22-tim-mcguffin-one-man-shop

Priyanka Aash

Loggin alerting and hunting technology hub 2016

Scot Berner

A Closer Look at Isolation: Hype or Next Gen Security?

MenloSecurity

T3 conference talk nov 2014

Sid Yenamandra

"Windows Defender Advanced Threat Protection will soon be available for all Blue Teams to utilize within Windows 10 Enterprise, which includes detection of post breach tools, tactics and techniques commonly used by Red Teams, as well as behavior analytics. Combined with Microsoft Advanced Threat Analytics for user behavior analytics across the Domain, Red Teamers will soon face a significantly more challenging time maintaining stealth while performing internal recon, lateral movement, and privilege escalation in Windows 10/Active Directory environments. This talk highlights challenges to red teams posed by Microsoft's new tools based on common hacking tools/techniques, and covers techniques which can be used to bypass, disable, or avoid high severity alerts within Windows Defender ATP and Microsoft ATA, as well as TTP used against mature organizations that may have additional controls in place such as Event Log Forwarding and Sysmon."

MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt) -...

Chris Thompson

One of the biggest concerns for info security professionals and business executives right now is ransomware attacks. It has prompted many organizations urgently assess what they need to do to contain and limit their exposure to this threat. Presented by renowned industry expert Prof. Avishai Wool, this new technical webinar will provide some best practices and tips to help organizations prevent, contain and respond to a ransomware attack. In this webinar Professor Wool will discuss: • The different methods used by cyber criminals to penetrate the network security perimeter • Best practices for reducing cyber criminals’ lateral movements across the network • How to augment incident triage with critical business context to assess the severity, risk and potential business impact of an attack • Prioritizing incident remediation efforts based on business risk, and neutralizing impacted systems through zero-touch automation • The impact of a ransomware on regulatory compliance

Ransomware Attack: Best Practices to proactively prevent contain and respond

AlgoSec

Applying formal methods to existing software by B.Monate

Mahaut Gouhier

Developing a Multi-Layered Defense for Your Systems and Data Confidence in the security of your IBM i systems and data requires a solid understanding of potential vulnerabilities, the most effective best practices, and technologies that minimize the possibility of a data breach. We’ve grouped important security best practices and technologies into overlapping layers that provide multiple lines of defense. The ultimate goal is to always have another layer of security to thwart a would-be intruder. Whether you are a systems security officer or an IBM i system administrator, you don’t want to miss this opportunity to learn about IBM i security best practices. We’ll discuss: • Common IBM i security vulnerabilities • Configuring the security capabilities of the IBM i • Implementing network security, access control, cryptography and more

Best Practices in IBM i Security

Precisely

What's hot (20)

Passwords are passé. WebAuthn is simpler, stronger and ready to go

The Truth About Viruses on IBM i

Security architecture design patterns iltam 2018 - ofer rivlin

Securing the continuous integration

Рабочие нагрузки Skype for business 2015 UC Lab

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...

ANET SureLog International Edition Main Advantages

Canadian Cyber Cecurity

CSW2017 Geshev+Miller logic bug hunting in chrome on android

Canadian Cyber Cecurity

QIWI SOC benchmarking: Blue Team story

Positive Hack Days 7 - Ransomware forensiсs

Defcon 22-tim-mcguffin-one-man-shop

Loggin alerting and hunting technology hub 2016

A Closer Look at Isolation: Hype or Next Gen Security?

T3 conference talk nov 2014

MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt) -...

Ransomware Attack: Best Practices to proactively prevent contain and respond

Applying formal methods to existing software by B.Monate

Best Practices in IBM i Security

Similar to CSF18 - How to Block Ransomware - Sami Laiho

ITCamp 2011 - Paula Januszkiewicz - 10 deadly sins of Windows Administrators

ITCamp

Enacting Scrum - What it takes to maximize the chances for a successful adopt...

ITCamp

Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)

ITCamp

TEKMONKS

Rohit Kapoor

Practical Exploitation - Webappy Style

Rob Fuller

ITCamp 2011 - Paula Januszkiewicz - Password secrets revealed

ITCamp

In this lecture, Walter Belgers will look at some security flaws in locks to see how they came about. Then, he shows us how similar mistakes are made in software development and deployment. In both cases, we have to deal with design flaws, implementation errors, zero day attacks, brute force attacks, user errors and more. Real life examples will be given and demonstrated. There are some interesting differences in how security is looked at in the hardware and the software world. Both groups can certainly learn each other.

ITCamp 2018 - Walter Belgers - Lockpicking and IT security

ITCamp

MTRAMA - Episode Ten - 18/01/2021

Graham Walsh

Adversary Driven Defense in the Real World

James Wickett

Title: Why Script Kiddies Succeed Event: 12th Annual Central Ohio InfoSec Summit Date: May 23, 2019 Speaker: Matt Scheurer Abstract: Some offensive security tools have become so user friendly and simple that the barrier to compromising vulnerable systems has become trivial. We will use Kali Linux, SPARTA, OWASP ZAP, and Armitage to demonstrate just how easy exploiting some vulnerabilities has become. The takeaways will be on vulnerability scanning systems in your environment and Proof-of-Concept those findings to help improve your overall security posture. Eliminating the low hanging fruit of vulnerabilities in an environment will help harden those systems against low-skill attackers and receive more mature and meaningful findings from penetration tests. Bio: Some offensive security tools have become so user friendly and simple that the barrier to compromising vulnerable systems has become trivial. We will use Kali Linux, SPARTA, OWASP ZAP, and Armitage to demonstrate just how easy exploiting some vulnerabilities has become. The takeaways will be on vulnerability scanning systems in your environment and Proof-of-Concept those findings to help improve your overall security posture. Eliminating the low hanging fruit of vulnerabilities in an environment will help harden those systems against low-skill attackers and receive more mature and meaningful findings from penetration tests.

Central Ohio InfoSec Summit: Why Script Kiddies Succeed

ThreatReel Podcast

IT is changing faster and faster and users requires completely different approach – especially millennials. Microsoft reacts to these IT needs by introducing EMS – most complex security and management suite on the market. We will cover how to manage and secure user identity, devices and documents. Discussion will cover not only Microsoft’s operating systems but iOS and Androids as well. As traditional IT assets needs to be maintained as well, SCCM and cloud management can be combined very easily. Join us on this presentation to see today’s possibilities of IT.

How to secure and manage modern IT - Ondrej Vysek

ITCamp

Demo 1: https://www.youtube.com/watch?v=cpnrCkj1308 Demo 2: https://www.youtube.com/watch?v=JmtjtiI3-fc Demo 2 1/2: https://www.youtube.com/watch?v=KRdNbYbJSiI Demo 3: https://www.youtube.com/watch?v=6gB-upKXTZ4 Automated adversary simulation is often perceived as a hard, dangerous and complicated program to implement and run. Fear no longer, our methodology and tooling will let you test and measure your defenses throughout your production environment to test not only your detection rule’s resilience but the whole event pipeline as well as your team’s response procedures. In this talk, we’ll share with the audience the open source tools we built and the methodology we use that will allow them to hit the ground running at nearly no cost.

Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...

Mauricio Velazco

NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...

North Texas Chapter of the ISSA

It is well known among security professionals that the weakest link in any organization's security is the employee- the so-called "human element". While endpoint security controls may mitigate this risk, they are nowhere close to removing it completely. This is where security training becomes essential. This talk will cover how to introduce and improve security training in any organization, along with industry best practices, and methods to keep knowledge retention high. The speaker will provide specific examples from his own experience of cases where a properly trained employee could have easily thwarted a devastating attack immediately. Will your employees be your weakest link, or your strongest asset?

Security Training: Making your weakest link the strongest - CircleCityCon 2017

Aaron Hnatiw

ITCamp 2011 - Mihai Tataran, Tudor Damian - Keynote

ITCamp

TomaszPoszytek_ALM-Fundamentals_SS2023.pdf

Tomasz Poszytek

Red teaming in the cloud

Peter Wood

Codegarden - API economy (NestJs)

Michele Mastrogiovanni

From velvet to silk there is still a lot of sweat

Stefano Maccaglia

Similar to CSF18 - How to Block Ransomware - Sami Laiho (20)

ITCamp 2011 - Paula Januszkiewicz - 10 deadly sins of Windows Administrators

Enacting Scrum - What it takes to maximize the chances for a successful adopt...

Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)

Practical Exploitation - Webappy Style

ITCamp 2011 - Paula Januszkiewicz - Password secrets revealed

ITCamp 2018 - Walter Belgers - Lockpicking and IT security

MTRAMA - Episode Ten - 18/01/2021

Adversary Driven Defense in the Real World

Central Ohio InfoSec Summit: Why Script Kiddies Succeed

How to secure and manage modern IT - Ondrej Vysek

Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...

NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...

Security Training: Making your weakest link the strongest - CircleCityCon 2017

ITCamp 2011 - Mihai Tataran, Tudor Damian - Keynote

TomaszPoszytek_ALM-Fundamentals_SS2023.pdf

Red teaming in the cloud

Codegarden - API economy (NestJs)

From velvet to silk there is still a lot of sweat

Recently uploaded

Real Time Object Detection Using Open CV

Khem

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

ICT role in 21st century education and its challenges

rafiqahmad00786416

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Architecting Cloud Native Applications

WSO2

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

DBX First Quarter 2024 Investor Presentation

Dropbox

Recently uploaded (20)

Real Time Object Detection Using Open CV

Boost Fertility New Invention Ups Success Rates.pdf

A Beginners Guide to Building a RAG App Using Open Source Milvus

Ransomware_Q4_2023. The report. [EN].pdf

ICT role in 21st century education and its challenges

Exploring the Future Potential of AI-Enabled Smartphone Processors

Axa Assurance Maroc - Insurer Innovation Award 2024

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Apidays New York 2024 - The value of a flexible API Management solution for O...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Architecting Cloud Native Applications

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

MINDCTI Revenue Release Quarter One 2024

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Powerful Google developer tools for immediate impact! (2023-24 C)

DBX First Quarter 2024 Investor Presentation

CSF18 - How to Block Ransomware - Sami Laiho

2. How to block WannaCrypt, Locky and any other ransomware

3. Sami Laiho Senior Technical Fellow adminize.com • IT Admin since 1996 • MVP in Windows OS since 2011 • Specializes in and trains: • Troubleshooting • Security • Windows Internals • Trophies: • Best and 3rd session at MCT Summit 2018 • Best two Sessions at IGNITE 2018! (out of 1708 session in total) • Best Session at AppManagEvent 2017 and 2018, Utrecht • Best External Speaker at Ignite 2017 • Best Sessions (#1 and #2) at TechTalks 2017, Helsinki • TechDays Sweden 2016 – Best Speaker • NIC 2016, 2017 - Best Speaker • Ignite 2015 – Best male presenter ;) (#2 out of 1000 speakers) • TechEd Europe and North America 2014 - Best session, Best speaker

4. @samilaiho If you are not on Twitter – get on Twitter!

5. https://win-fu.com/share/

6. Stop using admin rights

7. Hacking AppLocker DEMO

8. If you won’t stop then change UAC

10. Deploy Whitelisting

11. AppLocker example • My own

12. Simplest AppLocker • If you don’t you anything else do this • You kill 950000 pieces of malware every day

13. Signing

14. No Enterprise?

15. Contain Trouble

16. Firewall DEMO

17. Firewall

18. Mitigate Pass-The-Hash

19. Mitigating PtH • Split your environment into three layers • Never allow higher layer admins to logon to lower layers Power (DCs) Data (Servers and Apps) Access (Endpoints) Domain Admins Server Admins Workstation Admins

20. Deploy LAPS

21. Deploying LAPS • CQure Academy

22. Lazy way • Windows 7 • Deny access to Local Administrators from the network • Requires KB 2871997 • Windows 8.1/10 • Deny access to Local Administrators from the network

23. Windows 10 Enterprise?

24. Controlled Folder Access & Exploit Guard

25.

26.

27.

28. Kind of EMET

29. Basic Protections • Firewall Everything! • BitLocker Everything! • Use Anti-Malware, just not as your main protection! • Get rid of SMBv1 • If possible get rid of NTLM • Implement MFA • Go UEFI+SecureBoot

30. https://www.cisecurity.org/controls/ • Block 97% of threats

31. Contact • sami@adminize.com • Twitter: @samilaiho • Blog: http://blog.win-fu.com/ • Free newsletter: http://eepurl.com/F-GOj • Video-based training: • http://www.pluralsight.com/ • Want free codes? Email me! • NOW: http://win-fu.com/dojo •Trial2018

CSF18 - How to Block Ransomware - Sami Laiho

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to CSF18 - How to Block Ransomware - Sami Laiho

Similar to CSF18 - How to Block Ransomware - Sami Laiho (20)

More from NCCOMMS

More from NCCOMMS (20)

Recently uploaded

Recently uploaded (20)

CSF18 - How to Block Ransomware - Sami Laiho