We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SAINTCON 2023 - Sam Moses - Easy Wins to Make My Job Harder
Discover easy wins to make your job harder, including disabling NTLM, password spraying, and limiting access, and learn how to prepare against common attack paths like weak passwords and blue teams.
- Easy wins to make job harder: Disable NTLM authentication; Use password spraying and hash relay; Limit access to services; Enable SMB signing; Set up resticulated command to get the properties of a CA configuration.
- Common attack path: Uploading of weak passwords; Use of blue teams; Password spraying.
- SMB signing: It is default disabled, but it should be enabled; It can be required; It can be enabled with group policy.
- NTLM relay: It can be used to relay NTLM hash; It can be used to get the domain admin hash; It can be used to get the plain text credentials.
- LLMNR and MBNS: They are less used; They can be disabled; They are not being relied on.
- Domain admin: It can be used to get the NTML hash; It can be used to get the plain text credentials.