Explore credential assessment mapping and privilege escalation techniques in this comprehensive conference talk from Derbycon 2015. Delve into major breaches, including Target and Home Depot, and analyze missed alarms and industry responses. Examine credential theft methods, Windows password vulnerabilities, and malware detection strategies. Learn about defending against these attacks through authentication policies, firewall configurations, and remote desktop security. Investigate offensive techniques such as password reuse, brute force attacks, and hash capture. Gain insights into preventing domain compromise and implementing effective security measures to protect against large-scale credential-based attacks.
Overview
Syllabus
Intro
Motivation
Major Breaches
Target Breach
Home Depot Breach
Missed Alarms
The Biggest Issue
US Senate Report
Summary
Las Vegas Sands
Saudi Aramco
Industry Response
Credential Theft
Malware Detection
Windows Passwords
MiniCATs
Boring Alternatives
Defending Against This
Hand Diagram
Credentials
hashes
why did this fail
local administrators group
check nondefault registry keys
force guests
special rights assignment
firewall policies
remote desktop
false positives
test domain
reused credentials
domain compromise
whats the biggest deal
how to prevent this
authentication policies in silos
what can we do offensively
password reuse
brute force
hash cap
check
