SANS Webcast: Windows Credentials Attacks, Mitigations & Defense

JChris

Oct 1, 2017


Description:

Windows credentials are arguably the largest vulnerability affecting the modern enterprise. Credential harvesting is goal number one post-exploitation, and hence it provides an appealing funnel point for identifying attacks early in the kill chain. Unfortunately, credentials are diverse and numerous in Windows, and so are the attacks. With significant credential theft mitigations released in Win8.1, Win10 and Server 2012/2016, both red and blue teams require an enhanced understanding of Windows credentials. Red teamers may suddenly find their favorite techniques obsolete, while the blue team needs to take advantage of available mitigation techniques as soon as possible. Credential types, attack tools, and mitigation will all be discussed, giving insight into both sides of the equation.

Speaker Bio

Chad Tilbury

Chad has nearly 20 years of experience working with government agencies, defense contractors, and Fortune 500 companies. And his case list looks like it's been pulled straight from those spy novels he grew up reading: murder, abduction, espionage, fraud, hacking, intellectual property theft, child exploitation, terrorism, and computer intrusions. He has served as a Special Agent with the Air Force Office of Special Investigations, where he investigated and conducted computer forensics for a variety of crimes and ushered counter-espionage techniques into the digital age. Chad has also led international forensic teams and was selected to provide computer forensic support to the United Nations Weapons Inspection Team. He is a technical director at CrowdStrike, where he specializes in incident response, corporate espionage, and computer forensics. Here at SANS, Chad is a senior instructor and co-author for two six-day courses: FOR500: Windows Forensic Analysis, which focuses on the core skills required to become a certified forensic practitioner, and FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, which teaches sophisticated computer intrusion analysis and advanced threat hunting techniques.
-----

Really interesting content. I for one deal with Microsoft's Advanced Threat Analytics (ATA) and see some of those attacks in action, real world scenarios.
 
