Paula Januszkiewicz, profile picture
Uploaded byPaula Januszkiewicz
3,024 views

RSA Conference 2017 session: Hacker’s Perspective on Your Windows Infrastructure: Mandatory Check List

The document discusses cybersecurity best practices for Windows infrastructure, emphasizing the importance of understanding potential vulnerabilities and hacker tactics. Key recommendations include implementing password management, regular audits, security awareness training, and proper network segmentation to mitigate risks. The session aims to equip attendees with practical measures to enhance their security posture against potential attacks.

Embed presentation

SESSION ID:SESSION ID: #RSAC Paula Januszkiewicz Hacker’s Perspective on Your Windows Infrastructure: Mandatory Check List TECH-W10 CEO, Security Expert, Penetration Tester & Trainer, MVP CQURE @paulacqure | paula@cqure.us
#RSAC
#RSAC
#RSAC Agenda
#RSAC Session Goal Be familiar with the possibilities of the operating system From the user mode and kernel mode We are NOT talking about the forensics! … just doing a little hacking + conclusions My goal: See one of the ways hacker can act
#RSAC Agenda
#RSAC Know your victim
#RSAC Know the services
#RSAC Attack Users Users Users rarely have software up to date Awareness issues ... But for hacker it may be not enough Administrators Local account Password reuse for workstations Different password for workstations Domain account Domain user being local administrator Domain administrator
#RSAC The meaning of scripts
#RSAC Make your backdoor persistent Services DLLs Startup (Menu Start) Task Scheduler LSA Providers Run, Run Once GPO Notification Package Winlogon Image Hijacking Drivers Etc.
#RSAC Stay Persistent
#RSAC Stay undetected If you are not ready to attack: stay stealth and do not change the system behavior Hide your traces Processes Files Infrastructure performance Network traffic Server / Client Platform Performance
#RSAC Stay undetected
#RSAC Leverage your position
#RSAC Victim Recon
#RSAC Use victims to attack more targets Create the remotely controlled network Automate next scans Create your own botnet What can be the hacker’s goal in your infrastructure?
#RSAC Agenda
#RSAC Apply Offline access protection, implementation of solutions like BitLocker. Implementation of the process execution prevention (AppLocker etc.) Log centralization, log reviews - searching for the anomalies, certain log error codes. Performing the regular audits of code running on the servers (fe. Autoruns). Maintenance: Backup implementation and regular updating. Review of the services running on the accounts that are not built in. Change them to gMSAs where possible, set up SPNs. Get rid of NETBIOS. Try to avoid NTLMv2, especially if you do not have AppLocker in place or SMB Signing. Client protection: Implement of the anti-exploit solutions.
#RSAC Apply What You Have Learned Today Next week you should: Implement Local Admin Password Management or other password management solution Build the plan of the periodical configuration reviews and penetration tests (security checks) In the first three months following this presentation you should: Implement the Security Awareness Program among employees and technical training for administrators Review the configuration of client-side firewall and enabling the programs that can communicate through the network Limit of the amount of services running on the servers (SCW and manual activities) Within six month you should: Implement scoping (role management) for permissions and employee roles (SQL Admins, Server Admins etc.) Review network segmentation (+ IPSec Isolation, DNSSec etc.)
#RSAC Apply What You Have Learned Today Next week you should: Implement Local Admin Password Management or other password management solution Build the plan of the periodical configuration reviews and penetration tests (security checks) In the first three months following this presentation you should: Implement the Security Awareness Program among employees and technical training for administrators Review the configuration of client-side firewall and enabling the programs that can communicate through the network Limit of the amount of services running on the servers (SCW and manual activities) Within six month you should: Implement scoping (role management) for permissions and employee roles (SQL Admins, Server Admins etc.) Review network segmentation (+ IPSec Isolation, DNSSec etc.)

More Related Content

PDF
rsa-usa-2019-keynote-paula-januszkiewicz
byPaula Januszkiewicz
 
PDF
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
byPaula Januszkiewicz
 
PPTX
12 Crucial Windows Security Skills for 2018
byPaula Januszkiewicz
 
PDF
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking
byPaula Januszkiewicz
 
PPTX
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
byPaula Januszkiewicz
 
PPTX
12 Crucial Windows Security Skills for 2017
byPaula Januszkiewicz
 
PPTX
Microsoft Ignite session: Look under the hood: bypassing antimalware tactics ...
byPaula Januszkiewicz
 
PDF
30 Cybersecurity Skills You Need To Become a Windows Security Pro
byPaula Januszkiewicz
 
rsa-usa-2019-keynote-paula-januszkiewicz
byPaula Januszkiewicz
 
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
byPaula Januszkiewicz
 
12 Crucial Windows Security Skills for 2018
byPaula Januszkiewicz
 
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking
byPaula Januszkiewicz
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
byPaula Januszkiewicz
 
12 Crucial Windows Security Skills for 2017
byPaula Januszkiewicz
 
Microsoft Ignite session: Look under the hood: bypassing antimalware tactics ...
byPaula Januszkiewicz
 
30 Cybersecurity Skills You Need To Become a Windows Security Pro
byPaula Januszkiewicz
 

What's hot

PPTX
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
byAlienVault
 
PPTX
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
byBlueHat Security Conference
 
PDF
Shields up - improving web application security
byKonstantin Mirin
 
PPTX
RSA Conference 2017 session: What System Stores on the Disk Without Telling You
byPaula Januszkiewicz
 
PPTX
Top 10 mobile security risks - Khổng Văn Cường
byVõ Thái Lâm
 
PDF
Dear Hacker: Infrastructure Security Reality Check
byPaula Januszkiewicz
 
PDF
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
byBlueHat Security Conference
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
ODP
Hardening Database Server
byFahri Firdausillah
 
PDF
Content Security Policy - Lessons learned at Yahoo
byBinu Ramakrishnan
 
PPTX
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
byPaula Januszkiewicz
 
PPT
Windows network
byJithesh Nair
 
PDF
Gartner Security & Risk Management Summit 2018
byPaula Januszkiewicz
 
PPTX
RSA 2018: Adventures in the Underland: Techniques against Hackers Evading the...
byPaula Januszkiewicz
 
PDF
Hacker techniques for bypassing existing antivirus solutions & how to build a...
byBeyondTrust
 
PPTX
Microsoft Ignite session: Explore adventures in the underland: forensic techn...
byPaula Januszkiewicz
 
PDF
BlueHat v18 || May i see your credentials, please
byBlueHat Security Conference
 
PPTX
BlueHat v17 || Down the Open Source Software Rabbit Hole
byBlueHat Security Conference
 
PDF
Virtual Networking Security - Network Security
byEng Teong Cheah
 
PPTX
Fatal signs: 10 symptoms when you think you’ve been hacked
byPaula Januszkiewicz
 
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
byAlienVault
 
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
byBlueHat Security Conference
 
Shields up - improving web application security
byKonstantin Mirin
 
RSA Conference 2017 session: What System Stores on the Disk Without Telling You
byPaula Januszkiewicz
 
Top 10 mobile security risks - Khổng Văn Cường
byVõ Thái Lâm
 
Dear Hacker: Infrastructure Security Reality Check
byPaula Januszkiewicz
 
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
byBlueHat Security Conference
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
Hardening Database Server
byFahri Firdausillah
 
Content Security Policy - Lessons learned at Yahoo
byBinu Ramakrishnan
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
byPaula Januszkiewicz
 
Windows network
byJithesh Nair
 
Gartner Security & Risk Management Summit 2018
byPaula Januszkiewicz
 
RSA 2018: Adventures in the Underland: Techniques against Hackers Evading the...
byPaula Januszkiewicz
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
byBeyondTrust
 
Microsoft Ignite session: Explore adventures in the underland: forensic techn...
byPaula Januszkiewicz
 
BlueHat v18 || May i see your credentials, please
byBlueHat Security Conference
 
BlueHat v17 || Down the Open Source Software Rabbit Hole
byBlueHat Security Conference
 
Virtual Networking Security - Network Security
byEng Teong Cheah
 
Fatal signs: 10 symptoms when you think you’ve been hacked
byPaula Januszkiewicz
 

Viewers also liked

PDF
DEF CON 23 - NSM 101 for ICS
byChris Sistrunk
 
PPTX
Abusing Microsoft Kerberos - Sorry you guys don't get it
byBenjamin Delpy
 
PPTX
BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...
byBenjamin Delpy
 
PPTX
Vulnerability Inheritance in ICS (English)
byDigital Bond
 
PPTX
ICS Security Training ... What Works and What Is Needed (Japanese)
byDigital Bond
 
PDF
Windows Service Hardening
byDigital Bond
 
PDF
Accelerating OT - A Case Study
byDigital Bond
 
PPTX
Golden ticket, pass the ticket mi tm kerberos attacks explained
byPeter Swedin
 
PDF
The Stuxnet Worm creation process
byAjay Ohri
 
PDF
Attacking and Defending Autos Via OBD-II from escar Asia
byDigital Bond
 
PPTX
Kerberos
bySutanu Paul
 
PPTX
The RIPE Experience
byDigital Bond
 
PPTX
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
byDigital Bond
 
PDF
PT - Siemens WinCC Flexible Security Hardening Guide
byqqlan
 
PPTX
Internet Accessible ICS in Japan (English)
byDigital Bond
 
PDF
Remote Control Automobiles at ESCAR US 2015
byDigital Bond
 
PDF
S4xJapan Closing Keynote
byDigital Bond
 
PPTX
Hacker Halted 2016 - How to get into ICS security
byChris Sistrunk
 
PPTX
Survey and Analysis of ICS Vulnerabilities (Japanese)
byDigital Bond
 
PPTX
Incubation of ICS Malware (English)
byDigital Bond
 
DEF CON 23 - NSM 101 for ICS
byChris Sistrunk
 
Abusing Microsoft Kerberos - Sorry you guys don't get it
byBenjamin Delpy
 
BlueHat 2014 - The Attacker's View of Windows Authentication and Post Exploit...
byBenjamin Delpy
 
Vulnerability Inheritance in ICS (English)
byDigital Bond
 
ICS Security Training ... What Works and What Is Needed (Japanese)
byDigital Bond
 
Windows Service Hardening
byDigital Bond
 
Accelerating OT - A Case Study
byDigital Bond
 
Golden ticket, pass the ticket mi tm kerberos attacks explained
byPeter Swedin
 
The Stuxnet Worm creation process
byAjay Ohri
 
Attacking and Defending Autos Via OBD-II from escar Asia
byDigital Bond
 
Kerberos
bySutanu Paul
 
The RIPE Experience
byDigital Bond
 
Dynamic Zoning Based On Situational Activity in ICS (Japanese)
byDigital Bond
 
PT - Siemens WinCC Flexible Security Hardening Guide
byqqlan
 
Internet Accessible ICS in Japan (English)
byDigital Bond
 
Remote Control Automobiles at ESCAR US 2015
byDigital Bond
 
S4xJapan Closing Keynote
byDigital Bond
 
Hacker Halted 2016 - How to get into ICS security
byChris Sistrunk
 
Survey and Analysis of ICS Vulnerabilities (Japanese)
byDigital Bond
 
Incubation of ICS Malware (English)
byDigital Bond
 

Similar to RSA Conference 2017 session: Hacker’s Perspective on Your Windows Infrastructure: Mandatory Check List

PDF
Windows server hardening 1
byFrank Avila Zapata
 
PPTX
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
byDragos, Inc.
 
PDF
Introducing a Security Program to Large Scale Legacy Products
byPriyanka Aash
 
PPTX
Cyber Defense Matrix: Reloaded
bySounil Yu
 
PPTX
MS. Cybersecurity Reference Architecture
byangelohammond
 
PDF
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
PDF
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
byHealth IT Conference – iHT2
 
PDF
IDY-T08 More than Vaulting: Adapting to New Privileged Access Threats
byLance Peterman
 
PDF
Practical appsec lessons learned in the age of agile and DevOps
byPriyanka Aash
 
PDF
The Pivot
byPriyanka Aash
 
PDF
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
byRod Soto
 
PDF
Automated prevention of ransomware with machine learning and gpos
byPriyanka Aash
 
PPTX
RSA USA 2015 - Getting a Jump on Hackers
byWolfgang Kandek
 
PDF
RSA ASIA 2014 - Internet of Things
byWolfgang Kandek
 
PDF
Critical hygiene for preventing major breaches
byPriyanka Aash
 
PDF
Realities of Data Security
byPriyanka Aash
 
PDF
RSA 2016 Realities of Data Security
byScott Carlson
 
PDF
Windows Server 2008 Security Overview Short
byEduardo Castro
 
PDF
Windows Server 2008 Security Overview Short
byEduardo Castro
 
PDF
Proactive Measures to Defeat Insider Threat
byAndrew Case
 
Windows server hardening 1
byFrank Avila Zapata
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
byDragos, Inc.
 
Introducing a Security Program to Large Scale Legacy Products
byPriyanka Aash
 
Cyber Defense Matrix: Reloaded
bySounil Yu
 
MS. Cybersecurity Reference Architecture
byangelohammond
 
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
byHealth IT Conference – iHT2
 
IDY-T08 More than Vaulting: Adapting to New Privileged Access Threats
byLance Peterman
 
Practical appsec lessons learned in the age of agile and DevOps
byPriyanka Aash
 
The Pivot
byPriyanka Aash
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
byRod Soto
 
Automated prevention of ransomware with machine learning and gpos
byPriyanka Aash
 
RSA USA 2015 - Getting a Jump on Hackers
byWolfgang Kandek
 
RSA ASIA 2014 - Internet of Things
byWolfgang Kandek
 
Critical hygiene for preventing major breaches
byPriyanka Aash
 
Realities of Data Security
byPriyanka Aash
 
RSA 2016 Realities of Data Security
byScott Carlson
 
Windows Server 2008 Security Overview Short
byEduardo Castro
 
Windows Server 2008 Security Overview Short
byEduardo Castro
 
Proactive Measures to Defeat Insider Threat
byAndrew Case
 

Recently uploaded

PPTX
Finals - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
PDF
বাংলাদেশ অর্থনৈতিক সমীক্ষা - ২০২৫ with Bookmark.pdf
bytanbircox UJS App
 
PDF
Deep Research and Analysis - by Ms. Oceana Wong
byagenticroom
 
PPTX
Prelims - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
PPTX
The hidden treasures Grade 5 Story with Motive Questions.pptx
byGildaPetillaDelaCruz
 
PDF
45 ĐỀ LUYỆN THI IOE LỚP 8 THEO CHƯƠNG TRÌNH MỚI - NĂM HỌC 2024-2025 (CÓ LINK ...
byNguyen Thanh Tu Collection
 
PPTX
SEMESTER 5 UNIT- 1 Difference of Children and adults.pptx
bysachin7989
 
PPTX
A Presentation of PMES 2025-2028 with Salient features.pptx
byRoyPintor2
 
PDF
Conferencia de Abertura_Virgilio Almeida.pdf
byGrupo Tordesillas
 
PPTX
What are New Features in Purchase _Odoo 18
byCeline George
 
PDF
CXC-AD Associate Degree Handbook (Revised)
byCaribbean Examinations Council
 
PPTX
Elderly in India: The Changing Scenario.pptx
byMonika
 
PDF
Cattolica University - Lab Generative and Agentic AI - Mario Bencivinni
byMario Bencivinni
 
PPTX
Photography Pillar 1 The Subject PowerPoint
bymjb77ny
 
PDF
“Step-by-Step Fabrication of Bipolar Junction Transistors (BJTs)”
byGS Virdi
 
PDF
UGC NET Paper 1 Syllabus | 10 Units Complete Guide for NTA JRF
byNIKHIL K N
 
PPTX
Anatomy of the eyeball An overviews.pptx
byMushahidRaza8
 
PPTX
Time Series Analysis - Weighted (Unequal) Moving Average Method
bySundar B N
 
PPTX
G-Protein-Coupled Receptors (GPCRs): Structure, Mechanism, and Functions
byAnoja Kurian
 
PPTX
Chapter 3. Pharmaceutical Aids (pharmaceutics)
bySharibJamal
 
Finals - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা - ২০২৫ with Bookmark.pdf
bytanbircox UJS App
 
Deep Research and Analysis - by Ms. Oceana Wong
byagenticroom
 
Prelims - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
The hidden treasures Grade 5 Story with Motive Questions.pptx
byGildaPetillaDelaCruz
 
45 ĐỀ LUYỆN THI IOE LỚP 8 THEO CHƯƠNG TRÌNH MỚI - NĂM HỌC 2024-2025 (CÓ LINK ...
byNguyen Thanh Tu Collection
 
SEMESTER 5 UNIT- 1 Difference of Children and adults.pptx
bysachin7989
 
A Presentation of PMES 2025-2028 with Salient features.pptx
byRoyPintor2
 
Conferencia de Abertura_Virgilio Almeida.pdf
byGrupo Tordesillas
 
What are New Features in Purchase _Odoo 18
byCeline George
 
CXC-AD Associate Degree Handbook (Revised)
byCaribbean Examinations Council
 
Elderly in India: The Changing Scenario.pptx
byMonika
 
Cattolica University - Lab Generative and Agentic AI - Mario Bencivinni
byMario Bencivinni
 
Photography Pillar 1 The Subject PowerPoint
bymjb77ny
 
“Step-by-Step Fabrication of Bipolar Junction Transistors (BJTs)”
byGS Virdi
 
UGC NET Paper 1 Syllabus | 10 Units Complete Guide for NTA JRF
byNIKHIL K N
 
Anatomy of the eyeball An overviews.pptx
byMushahidRaza8
 
Time Series Analysis - Weighted (Unequal) Moving Average Method
bySundar B N
 
G-Protein-Coupled Receptors (GPCRs): Structure, Mechanism, and Functions
byAnoja Kurian
 
Chapter 3. Pharmaceutical Aids (pharmaceutics)
bySharibJamal
 

RSA Conference 2017 session: Hacker’s Perspective on Your Windows Infrastructure: Mandatory Check List

  • 1.
    SESSION ID:SESSION ID: #RSAC PaulaJanuszkiewicz Hacker’s Perspective on Your Windows Infrastructure: Mandatory Check List TECH-W10 CEO, Security Expert, Penetration Tester & Trainer, MVP CQURE @paulacqure | paula@cqure.us
  • 2.
  • 3.
  • 4.
  • 5.
    #RSAC Session Goal Be familiarwith the possibilities of the operating system From the user mode and kernel mode We are NOT talking about the forensics! … just doing a little hacking + conclusions My goal: See one of the ways hacker can act
  • 6.
  • 7.
  • 8.
  • 9.
    #RSAC Attack Users Users Users rarelyhave software up to date Awareness issues ... But for hacker it may be not enough Administrators Local account Password reuse for workstations Different password for workstations Domain account Domain user being local administrator Domain administrator
  • 10.
  • 11.
    #RSAC Make your backdoorpersistent Services DLLs Startup (Menu Start) Task Scheduler LSA Providers Run, Run Once GPO Notification Package Winlogon Image Hijacking Drivers Etc.
  • 12.
  • 13.
    #RSAC Stay undetected If youare not ready to attack: stay stealth and do not change the system behavior Hide your traces Processes Files Infrastructure performance Network traffic Server / Client Platform Performance
  • 14.
  • 15.
  • 16.
  • 17.
    #RSAC Use victims toattack more targets Create the remotely controlled network Automate next scans Create your own botnet What can be the hacker’s goal in your infrastructure?
  • 18.
  • 19.
    #RSAC Apply Offline access protection,implementation of solutions like BitLocker. Implementation of the process execution prevention (AppLocker etc.) Log centralization, log reviews - searching for the anomalies, certain log error codes. Performing the regular audits of code running on the servers (fe. Autoruns). Maintenance: Backup implementation and regular updating. Review of the services running on the accounts that are not built in. Change them to gMSAs where possible, set up SPNs. Get rid of NETBIOS. Try to avoid NTLMv2, especially if you do not have AppLocker in place or SMB Signing. Client protection: Implement of the anti-exploit solutions.
  • 20.
    #RSAC Apply What YouHave Learned Today Next week you should: Implement Local Admin Password Management or other password management solution Build the plan of the periodical configuration reviews and penetration tests (security checks) In the first three months following this presentation you should: Implement the Security Awareness Program among employees and technical training for administrators Review the configuration of client-side firewall and enabling the programs that can communicate through the network Limit of the amount of services running on the servers (SCW and manual activities) Within six month you should: Implement scoping (role management) for permissions and employee roles (SQL Admins, Server Admins etc.) Review network segmentation (+ IPSec Isolation, DNSSec etc.)
  • 21.
    #RSAC Apply What YouHave Learned Today Next week you should: Implement Local Admin Password Management or other password management solution Build the plan of the periodical configuration reviews and penetration tests (security checks) In the first three months following this presentation you should: Implement the Security Awareness Program among employees and technical training for administrators Review the configuration of client-side firewall and enabling the programs that can communicate through the network Limit of the amount of services running on the servers (SCW and manual activities) Within six month you should: Implement scoping (role management) for permissions and employee roles (SQL Admins, Server Admins etc.) Review network segmentation (+ IPSec Isolation, DNSSec etc.)