Presented at DerbyCon 6.0 Recharge (2016), Sept. 24, 2016, 9 a.m. (50 minutes).
Bruce Schneier sums up credential theft much better than I can. He said the following in a blog post earlier this year:
The most common way hackers of all stripes, from criminals to hacktivists to foreign governments, break into networks is by stealing and using a valid credential. Rob Joyce, the head of the NSA’s Tailored Access Operations (TAO) group -- basically the country’s chief hacker -- gave a rare public talk at a conference in January. In essence, he said that zero-day vulnerabilities are overrated, and credential stealing is how he gets into networks. Stealing a valid credential and using it to access a network is easier, less risky, and ultimately more productive than using an existing vulnerability, even a zero-day.
Privileged Access Workstations (PAWs) are hardened admin workstations implemented to protect privileged accounts. In this talk I will discuss my lessons learned while deploying PAWs in the real world as well as other techniques I’ve used to limit exposure to credential theft and lateral movement. I hope to show fellow blue teamers these types of controls are feasible to implement, even in small environments.