Pass the Hash and Other Credential Theft - Reuse - Mitigating Risk
Overview
Explore the critical issue of credential theft and reuse in this 40-minute Black Hat USA 2013 conference talk. Delve into the widespread problem of Pass the Hash (PtH) attacks and learn about Microsoft's recommended mitigations. Gain insights from Mark Simos and Patrick Jungles, members of Microsoft's dedicated workgroup, as they discuss practical solutions for immediate implementation and future platform modifications. Discover strategies to protect privileged accounts, understand the implications of disabling NTLM, and explore new platform changes including Remote Desktop modifications. Examine the concept of Authentication Policies Silos and their role in Active Directory Authentication. Learn about LSA Protection in Windows Server 2012 and its impact on Pass the Hash attacks. Acquire valuable knowledge to enhance your organization's cybersecurity posture and mitigate the risks associated with credential theft and reuse.
Syllabus
Introduction
Overview
Problem Scenario
Example Scenario
Usability Problem
Whitepaper
Protect privileged accounts
Disabling NTLM
New stuff
Platform changes
Remote Desktop changes
Will there be a new model
Demo
Authentication Policies Silos
Active Directory Authentication
Active Directory Authentication Principles
Authentication Policy Silos
Authentication Policy Sections
User Policy Sections
Kerberos
LSA Protection
Windows Server 2012 Documentation
Pass the Hash
Contact Information
Taught by
Black Hat