SAINTCON 2023 - Sam Moses - Easy Wins to Make My Job Harder

Discover easy wins to make your job harder, including disabling NTLM, password spraying, and limiting access, and learn how to prepare against common attack paths like weak passwords and blue teams.

Key takeaways
  • Easy wins to make my job harder: Disable NTLM authentication; Use password spraying and hash relay; Limit access to services; Enable SMB signing; Set up resticulated command to get the properties of a CA configuration.
  • Common attack path: Uploading of weak passwords; Use of blue teams; Password spraying.
  • SMB signing: It is disabled by default, but it should be enabled; It can be required; It can be enabled with group policy.
  • NTLM relay: It can be used to relay NTLM hash; It can be used to get the domain admin hash; It can be used to get the plain text credentials.
  • LLMNR and NBNS: They are less used; They can be disabled; They are not being relied on.
  • Domain admin: It can be used to get the NTLM hash; It can be used to get the plain text credentials.
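
A read-only way to check one Windows host against the hardening items in the takeaways (SMB signing required, LLMNR and NetBIOS name resolution off, NTLM restricted). This is an added example, not material from the talk; the helper names `Get-RegValue` and `New-Check` and the pass criteria are assumptions of this example, while the registry values are the standard Windows policy settings.

```powershell
# Added example: read-only audit of the settings named in the takeaways.
# Run from an elevated PowerShell session on the Windows host being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Check {
    param([string]$Name, $Value, [bool]$Pass)
    [pscustomobject]@{ Check = $Name; Value = $Value; Pass = $Pass }
}

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$dns   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$netbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'

# SMB signing only blocks relay when it is required, not merely enabled.
$srv = (Get-SmbServerConfiguration).RequireSecuritySignature
$cli = (Get-SmbClientConfiguration).RequireSecuritySignature

# LLMNR is off when the policy value EnableMulticast is 0.
$llmnr = Get-RegValue $dns 'EnableMulticast'

# NetBIOS over TCP/IP is off per interface when NetbiosOptions is 2.
$nbOn = @(Get-ChildItem $netbt -ErrorAction SilentlyContinue | Where-Object {
    (Get-RegValue $_.PSPath 'NetbiosOptions') -ne 2
}).Count

# NTLM restriction policy: 2 means deny all (outgoing / incoming).
$ntlmOut = Get-RegValue $lsa 'RestrictSendingNTLMTraffic'
$ntlmIn  = Get-RegValue $lsa 'RestrictReceivingNTLMTraffic'

$report = @(
    New-Check 'SMB server requires signing'  $srv     ([bool]$srv)
    New-Check 'SMB client requires signing'  $cli     ([bool]$cli)
    New-Check 'LLMNR disabled by policy'     $llmnr   ($llmnr -eq 0)
    New-Check 'Interfaces with NetBIOS on'   $nbOn    ($nbOn -eq 0)
    New-Check 'Outgoing NTLM denied'         $ntlmOut ($ntlmOut -eq 2)
    New-Check 'Incoming NTLM denied'         $ntlmIn  ($ntlmIn -eq 2)
)
$report | Format-Table -AutoSize
```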