Protecting the keys to the castle! - Restricted Admin Credential Exposure

Microsoft TechNet - Belgium and Luxembourg
Microsoft TechNet - Belgium and LuxembourgMicrosoft TechNet - Belgium and Luxembourg
Protecting the keys to the castle – Restricted Admin Credential Exposure Marcus Murray & Hasain Alshakarti Truesec Security Team, MVP-Enterprise Security x2
Marcus Murray Hasain Alshakarti
Who doesn’t want to be domain admin?
Passing the dutchie Web Srv Mail Srv DC File Srv Client Client Admin User
Mitigating Passing the dutchie • SMB Signing! On domain controllers!
mimikatz • privilege::debug • inject::process lsass.exe sekurlsa.dll • @getLogonPasswords • Passwords in CLEAR TEXT!!!
The ”Mandiant report”
Local account depencencies Web Srv Mail Srv DC File Srv Mail Srv SrvAdm SrvAdm Client Client CliAdm CliAdm
Logged on account depencencies Web Srv Mail Srv DC File Srv Mail Srv Marcus_DA Marcus_DA Client Client Marcus_DA Marcus_DA
Complete mission Web Srv Mail Srv DC File Srv Mail Srv Client Client Admin User
Microsoft PtH Mitigations
Protecting! • Local firewalls • Non-admin • Cutting dependencies • Managed service accounts • AMA
Marcus Murray Hasain Alshakarti
Thank you for listening! 
1 of 14

Protecting the keys to the castle! - Restricted Admin Credential Exposure

Download to read offline

More info on http://techdays.be.

Microsoft TechNet - Belgium and Luxembourg
Microsoft TechNet - Belgium and LuxembourgMicrosoft TechNet - Belgium and Luxembourg

Recommended

Beginning Microservices with .NET & RabbitMQBeginning Microservices with .NET & RabbitMQ
Beginning Microservices with .NET & RabbitMQPaul Mooney
1.7K views37 slides
Deep-dive building solutions on the SharePoint FrameworkDeep-dive building solutions on the SharePoint Framework
Deep-dive building solutions on the SharePoint FrameworkWaldek Mastykarz
1.6K views12 slides
Topic 3 Double entry book keepingTopic 3 Double entry book keeping
Topic 3 Double entry book keepingSrinivas Methuku
5.3K views13 slides
Point of-sale-malware-backoffPoint of-sale-malware-backoff
Point of-sale-malware-backoffEMC
1K views20 slides
Block culture of naciremaBlock culture of nacirema
Block culture of naciremaTravis Klein
710 views9 slides
Final draft script a long day by nick mc cabeFinal draft script a long day by nick mc cabe
Final draft script a long day by nick mc cabesophiemcavoy1
156 views3 slides

More Related Content

Viewers also liked

Mat labMat lab
Mat labRahman Hakim
1.1K views174 slides

Viewers also liked(17)

Cơ bản về tủ lạnhCơ bản về tủ lạnh
Cơ bản về tủ lạnh
machupilani3.4K views
GoedgekleedGoedgekleed
Goedgekleed
Netwerk Bewust Verbruiken549 views
My evalutauion question 1My evalutauion question 1
My evalutauion question 1
Khendle Christie288 views
Mat labMat lab
Mat lab
Rahman Hakim1.1K views
Federmanager bo convegno impermanenza_27_03_13Federmanager bo convegno impermanenza_27_03_13
Federmanager bo convegno impermanenza_27_03_13
Marco Frullanti270 views
De stress fest2013slideshowDe stress fest2013slideshow
De stress fest2013slideshow
CheckIt Out286 views
What Is Async, How Does It Work, And When Should I Use It?What Is Async, How Does It Work, And When Should I Use It?
What Is Async, How Does It Work, And When Should I Use It?
emptysquare1.9K views
види таблиць конструкторвиди таблиць конструктор
види таблиць конструктор
Татьяна Глинская1.1K views
SME Estudio Marcas que Marcan 2012SME Estudio Marcas que Marcan 2012
SME Estudio Marcas que Marcan 2012
SME Puerto Rico766 views
EMC Hybrid Cloud for SAP - Enhanced Security and ComplianceEMC Hybrid Cloud for SAP - Enhanced Security and Compliance
EMC Hybrid Cloud for SAP - Enhanced Security and Compliance
EMC939 views
Stalking the Kill ChainStalking the Kill Chain
Stalking the Kill Chain
EMC1.4K views
Tues wed reformation playsTues wed reformation plays
Tues wed reformation plays
Travis Klein157 views
Creative examples of origami logo design for inspirationCreative examples of origami logo design for inspiration
Creative examples of origami logo design for inspiration
Maxim Logoswish1.8K views
TechBook: IMS on z/OS Using EMC Symmetrix Storage SystemsTechBook: IMS on z/OS Using EMC Symmetrix Storage Systems
TechBook: IMS on z/OS Using EMC Symmetrix Storage Systems
EMC1.5K views
Pastís de xocolata rita i juditPastís de xocolata rita i judit
Pastís de xocolata rita i judit
mgonellgomez259 views
Provisioning 2.0: The Future of ProvisioningProvisioning 2.0: The Future of Provisioning
Provisioning 2.0: The Future of Provisioning
EMC683 views
Media EvaluationMedia Evaluation
Media Evaluation
loousmith209 views

Similar to Protecting the keys to the castle! - Restricted Admin Credential Exposure

Azure Services PlatformAzure Services Platform
Azure Services PlatformDavid Chou
6.3K views23 slides

Similar to Protecting the keys to the castle! - Restricted Admin Credential Exposure(20)

Delivering Javascript to World+DogDelivering Javascript to World+Dog
Delivering Javascript to World+Dog
Kyle Randolph33 views
The service mesh: resilient communication for microservice applicationsThe service mesh: resilient communication for microservice applications
The service mesh: resilient communication for microservice applications
Outlyer708 views
Exploiting Active Directory Administrator InsecuritiesExploiting Active Directory Administrator Insecurities
Exploiting Active Directory Administrator Insecurities
Priyanka Aash246 views
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on Time
CA Technologies1.4K views
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseDEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
Felipe Prado83 views
Azure Services PlatformAzure Services Platform
Azure Services Platform
David Chou6.3K views
Best ofmms mikeresselerBest ofmms mikeresseler
Best ofmms mikeresseler
Kenny Buntinx392 views
Best ofmms mikeresselerBest ofmms mikeresseler
Best ofmms mikeresseler
Dieter Wijckmans177 views
Escalation defenses ad guardrails every company should deployEscalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deploy
David Rowe119 views
Topic 2 - Ransomware Techniques.pptxTopic 2 - Ransomware Techniques.pptx
Topic 2 - Ransomware Techniques.pptx
Morningstar902 views
MongoDB World 2019: MongoDB Atlas Security 101 for DevelopersMongoDB World 2019: MongoDB Atlas Security 101 for Developers
MongoDB World 2019: MongoDB Atlas Security 101 for Developers
MongoDB379 views
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Alert Logic 239 views
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architecture
The Software House21.9K views
RSA Secur id for windowsRSA Secur id for windows
RSA Secur id for windows
arpit060551.8K views
Database Security Threats - MariaDB Security Best PracticesDatabase Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best Practices
MariaDB plc421 views
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionQualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
Risk Analysis Consultants, s.r.o.403 views
Understanding Azure Networking ServicesUnderstanding Azure Networking Services
Understanding Azure Networking Services
InCycleSoftware2.1K views
Hackers versus Developers and Secure Web ProgrammingHackers versus Developers and Secure Web Programming
Hackers versus Developers and Secure Web Programming
Akash Mahajan2K views
Sql dba training in indiaSql dba training in india
Sql dba training in india
united global soft291 views
SQL DBA Online Training in IndiaSQL DBA Online Training in India
SQL DBA Online Training in India
united global soft189 views

More from Microsoft TechNet - Belgium and Luxembourg

More from Microsoft TechNet - Belgium and Luxembourg(20)

Windows 10: all you need to know!Windows 10: all you need to know!
Windows 10: all you need to know!
Microsoft TechNet - Belgium and Luxembourg3.1K views
Configuration Manager 2012 – Compliance Settings 101 - Tim de KeukelaereConfiguration Manager 2012 – Compliance Settings 101 - Tim de Keukelaere
Configuration Manager 2012 – Compliance Settings 101 - Tim de Keukelaere
Microsoft TechNet - Belgium and Luxembourg1.7K views
Windows 8.1 a closer lookWindows 8.1 a closer look
Windows 8.1 a closer look
Microsoft TechNet - Belgium and Luxembourg2.8K views
So you’ve successfully installed SCOM… Now what.So you’ve successfully installed SCOM… Now what.
So you’ve successfully installed SCOM… Now what.
Microsoft TechNet - Belgium and Luxembourg4.5K views
Data Leakage PreventionData Leakage Prevention
Data Leakage Prevention
Microsoft TechNet - Belgium and Luxembourg7.6K views
Deploying and managing ConfigMgr ClientsDeploying and managing ConfigMgr Clients
Deploying and managing ConfigMgr Clients
Microsoft TechNet - Belgium and Luxembourg4.3K views
Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?
Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?
Microsoft TechNet - Belgium and Luxembourg1.2K views
Hands on with Hyper-V Clustering Maintenance Mode & Cluster Aware UpdatingHands on with Hyper-V Clustering Maintenance Mode & Cluster Aware Updating
Hands on with Hyper-V Clustering Maintenance Mode & Cluster Aware Updating
Microsoft TechNet - Belgium and Luxembourg3.9K views
SCEP 2012 inside SCCM 2012SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012
Microsoft TechNet - Belgium and Luxembourg3.5K views
Jump start your application monitoring with APMJump start your application monitoring with APM
Jump start your application monitoring with APM
Microsoft TechNet - Belgium and Luxembourg1.2K views
What’s new in Lync Server 2013: Persistent ChatWhat’s new in Lync Server 2013: Persistent Chat
What’s new in Lync Server 2013: Persistent Chat
Microsoft TechNet - Belgium and Luxembourg4.8K views
What's new for Lync 2013 Clients & DevicesWhat's new for Lync 2013 Clients & Devices
What's new for Lync 2013 Clients & Devices
Microsoft TechNet - Belgium and Luxembourg3K views
Office 365 ProPlus: Click-to-run deployment and managementOffice 365 ProPlus: Click-to-run deployment and management
Office 365 ProPlus: Click-to-run deployment and management
Microsoft TechNet - Belgium and Luxembourg11.5K views
Office 365 Identity Management options Office 365 Identity Management options
Office 365 Identity Management options
Microsoft TechNet - Belgium and Luxembourg6.5K views
SharePoint Installation and Upgrade: Untangling Your Options SharePoint Installation and Upgrade: Untangling Your Options
SharePoint Installation and Upgrade: Untangling Your Options
Microsoft TechNet - Belgium and Luxembourg1.7K views
The application model in real lifeThe application model in real life
The application model in real life
Microsoft TechNet - Belgium and Luxembourg1.9K views
Microsoft private cloud with Cisco and Netapp - Flexpod solutionMicrosoft private cloud with Cisco and Netapp - Flexpod solution
Microsoft private cloud with Cisco and Netapp - Flexpod solution
Microsoft TechNet - Belgium and Luxembourg4.4K views
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
Microsoft TechNet - Belgium and Luxembourg3.3K views
Moving from Device Centric to a User Centric Management Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management
Microsoft TechNet - Belgium and Luxembourg4.8K views
Network Management in System Center 2012 SP1 - VMM Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012 SP1 - VMM
Microsoft TechNet - Belgium and Luxembourg2.9K views

Protecting the keys to the castle! - Restricted Admin Credential Exposure