IT Security Horrors That Keep You Up at Night

Size: px
Start display at page:

Download "IT Security Horrors That Keep You Up at Night"

Transcription

1 IT Security Horrors That Keep You Up at Night and How to Stop Them! Brian Johnson 7 Minute Security Jeff Melnick Systems Engineer

2 Agenda Introductions My epic breach response fail (a tale of tears and fears) IT security horrors that keep you up at night and how to stop em! Prize Drawing

3 Who s this guy? Security engineer for 7 Minute Security Podcaster Not famous Jumpy hunter

4 My First Breach Response A Tale of Tears and Fears

5

6

7 Application log

8 System log

9 Security log

10 Firewall log

11 Which made me feel like

12 If that wasn t bad enough Spotty AV deployment Cringe-worthy patching No logging of anything Weak password policy

13 Verdict: burn and rebuild

14 Let us not suffer the same fate!

15 Chucky VS Andy

16 Lets defend Child s Play Inc.!

17 Chucky s attack playbook Phish Andy Abuse bad domain passwords Abuse bad local admin passwords Responder attack SMB signing attack

18 Subject: Pictures of Tiffany!

19 Deleted!

20 Subject: Chucky lives!

21 Subject: Chucky lives!

22 Subject: Chucky lives!

23 Abusing weak passwords 1. Try Winter2017! for all domain users 2. Wait a while Winter2017 Spring2018 Summer2018 Password1 P@ssword Try another weak password 4. Repeat steps 1-3 as necessary

24

25 How do we fix bad passwords? Up the minimum to 15? 20? 30?

26 Fixing bad passwords (per Microsoft) 8+ characters (longer not always better i.e. WinterWinter2017) Educate users to use unique passwords per account Turn on MFA everywhere you can Ban bad passwords (whaaa? How?)

27 Setting your Active Directory password Andy Hi, I d like to change my password to Winter2017! Domain controller Sure one sec, let me check the password requirements!

28 Setting your Active Directory password Andy Domain controller That works thanks much!

29 Banning bad passwords: 3 options 1. CredDefense 2. Pwned Passwords DLL 3. SafePass.me

30 Option 1: CredDefense A suite of tools to help you boost your network defenses! My favorite feature? A better password filter!

31 Setting your Active Directory password + Andy Hi, I d like to change my password to Winter2017! Domain controller Sure one sec, let me check the password requirements!

32 Setting your Active Directory password Andy Domain controller Ok. Let me query CredDefense s bad passwords list +

33 Setting your Active Directory password + Andy Domain controller No can do! This password is on the naughty list!

34 Option 2: PwnedPasswords

35 Option 2: PwnedPasswords Pros: Open source Cons: Requires Visual Studio tinkering

36 Setting your Active Directory password + Andy Hi, I d like to change my password to Winter2017! Domain controller Sure one sec, let me check the password requirements!

37 Setting your Active Directory password + Andy Domain controller Ok. Let me query the Pwned Passwords list

38 Setting your Active Directory password + Andy Domain controller Sorry! Try again!

39 Option 2: PwnedPasswords making custom lists

40 Option 2: PwnedPasswords A word of warning:

41 Option 2: PwnedPasswords Some real world PwnedPasswords stats Company with 11k users: Passwords cracked: 6,000 Passwords in PwnedPasswords database: 1,500 25% of cracked passwords were already pwned!

42 Option 3: SafePass.me Pros: Single ~500mb download in MSI format Easy to install Cons: ~$700 USD Closed source ( What s it doing? )

43 Chucky s attack playbook Phish Andy worked! Abuse bad domain passwords worked! Abuse bad local admin passwords Responder attack SMB signing attack

44 Abusing bad local admin passwords Often the same password across many/all machines!

45 Abusing bad local admin passwords

46 Abusing bad local admin passwords Nica s PC File server ihatechucky server Andy s PC Database server App server

47 LAPS (Local Administrator Password Solution) Free (!) from Microsoft Creates strong/random Administrator password per machine Creds are stored securely in Active Directory

48 LAPS (Local Administrator Password Solution) Requirements: A few GPOs to push LAPS install A workstation to manage LAPS from

49 LAPS (Local Administrator Password Solution)

50 LAPS (Local Administrator Password Solution)

51 Lateral movement? NOPE! File server Nope! ihatechucky Nica s PC Nope! server Nope! Andy s PC Nope! Database server Nope! App server Nope!

52 Full LAPS install write-up

53 Chucky s attack playbook Phish Andy worked! Abuse bad domain passwords worked! Abuse bad local admin passwords worked! Responder attack SMB signing attack

54 Responder attack

55 Responder attack

56 Responder attacks Andy s PC Hey, do you know CP-SRVV01? Sorry, no. DNS server Anybody else? (NBT-NS & LLMNR broadcast) Yes! That s me! Send credentials! You got it! Here it comes! EhhehaeehaheAHAHAHEHAHAOHOAHA!!! Chucky

57

58 Defending against Responder

59 Defending against Responder Careful! Stuff can break!

60 Defending against Responder Comes armed with. ResponderGuard!

61 Defending against Responder

62 Defending against Responder

63 Defending against Responder

64 Chucky s attack playbook Phish Andy worked! Abuse bad domain passwords worked! Abuse bad local admin passwords worked! Responder attack worked! SMB signing attack

65 Abusing SMB signing SMB (Server Message Block) is the file protocol commonly used by Windows Used for client/server file sharing SMB is unsigned in many networks (maybe yours?)

66 Abusing SMB signing

67 Abusing SMB signing

68 Abusing SMB signing

69 Abusing SMB signing Powershell Empire + Responder + Ntlmrelay + DeathStar = FUN!

70 Abusing SMB signing Wait for it

71 Chucky s attack playbook Phish Andy worked! Abuse bad domain passwords worked! Abuse bad local admin passwords worked! Responder attack worked! SMB signing attack worked! Chucky wins! What else could we do to catch him?

72 One more thing: stop Chucky with WEFFLES! WEFFLES (Windows Event Logging Forensic Logging Enhancement Services) Not this!

73 Collecting logs with WEFFLES Nica s PC File server WEFFLES server server Andy s PC Database server App server

74 WEFFLES Event 1102: Somebody cleared the security log!

75 WEFFLES Event 4720: New user accounts created

76 WEFFLES

77 Recap Use good passwords on domain and local accounts CredDefense / PwnedPasswords / LAPS can help! Respond to Responder attacks Turn on SMB signing Not collecting logs? Start free w/weffles! Scan and patch all your network things!

78 NETWRIX AUDITOR Identify, Classify and Secure Sensitive Data

79 About Netwrix Auditor Netwrix Auditor A visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments. It provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage.

80 Netwrix Auditor Unified Platform Netwrix Auditor Platform Netwrix Auditor for Active Directory Netwrix Auditor for Azure AD Netwrix Auditor for Exchange Netwrix Auditor for Office 365 Netwrix Auditor for Windows Server Netwrix Auditor for Windows File Servers Netwrix Auditor for EMC Netwrix Auditor for NetApp Netwrix Auditor for SharePoint Netwrix Auditor for Network Devices Netwrix Auditor for Oracle Database Netwrix Auditor for SQL Server Netwrix Auditor for VMware

81 INTRODUCING NETWRIX AUDITOR 9.7 Detect and Block Attacks on Your Network Devices Thursday, November 11AM PT / 2 PM ET

82 PRODUCT DEMONSTRATION

83 Next Steps Free trial: Set up Netwrix Auditor in your own test environment netwrix.com/auditor9.7 Virtual appliance: Get Netwrix Auditor up and running in minutes netwrix.com/go/appliance In-browser demo: Run a demo right in your browser with no need to install anything netwrix.com/go/browser_demo Upcoming and on-demand webinars : Join upcoming webinars or watch recorded ones netwrix.com/webinars netwrix.com/webinars#featured

84 Questions?

85 Thank (podcast)

4 Ways Your Organization Can Be Hacked

4 Ways Your Organization Can Be Hacked Behind the Scenes 4 Ways Your Organization Can Be Hacked Brian Johnson President, 7 Minute Security Jeff Melnick Netwrix, Systems Engineer Agenda Quick introductions The ways your organization can be hacked

More information

What s New in Netwrix Auditor 9.7

What s New in Netwrix Auditor 9.7 What s New in Netwrix Auditor 9.7 Jeff Melnick Manager, Pre-Sales Engineering Jeff.Melnick@netwrix.com Agenda What s New in Netwrix Auditor 9.7 Briefly About Netwrix Auditor Q&A Prize Drawing INTRODUCING

More information

The 3 Pillars of SharePoint Security

The 3 Pillars of SharePoint Security The 3 Pillars of SharePoint Security Liam Cleary CEO/Owner SharePlicity Jeff Melnick Systems Engineer Netwrix Corporation AGENDA The Problem Attack Vectors Intranet, Extranet and Public Facing Proactive

More information

Netwrix Auditor. Visibility platform for user behavior analysis and risk mitigation. Mason Takacs Systems Engineer

Netwrix Auditor. Visibility platform for user behavior analysis and risk mitigation. Mason Takacs Systems Engineer Netwrix Auditor Visibility platform for user behavior analysis and risk mitigation Mason Takacs Systems Engineer Agenda Product Overview Product Demonstration Q&A About Netwrix Auditor Netwrix Auditor

More information

Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In

Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In Sponsored by 2016 Monterey Technology Group Inc. Thanks to Made possible by Preview of key points

More information

What s New in Netwrix Auditor 8.0. PRESENTER: Jeff Melnick Manager of Sales Engineering x 971

What s New in Netwrix Auditor 8.0. PRESENTER: Jeff Melnick Manager of Sales Engineering x 971 What s New in Netwrix Auditor 8.0 PRESENTER: Jeff Melnick Manager of Sales Engineering Jeff.Melnick@netwrix.com 888-638-9749 x 971 How to Ask Questions 1. Type your question here 2. Click Send Agenda What

More information

What s New in Netwrix Auditor 9.5

What s New in Netwrix Auditor 9.5 What s New in Netwrix Auditor 9.5 Presenter: Jeff Melnick Systems Engineer Jeff.Melnick@netwrix.com Housekeeping All attendees are on mute Ask your questions! Questions will be answered during the session

More information

Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions

Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions Liam Cleary Solution Architect Protiviti Jeff Melnick Systems Engineer Netwrix Corporation Agenda Elevation Escalation Prevention

More information

Top Critical Changes to Audit

Top Critical Changes to Audit Top Critical Changes to Audit in Microsoft SharePoint PRESENTER: Roy Lopez Systems Engineer Roy.Lopez@netwrix.com 1.201.490.8840 x2833 How to Ask Questions 1. Type your question here 2. Click Send Agenda

More information

Netwrix Auditor. Know Your Data. Protect What Matters. Roy Lopez Solutions Engineer

Netwrix Auditor. Know Your Data. Protect What Matters. Roy Lopez Solutions Engineer Netwrix Auditor Know Your Data. Protect What Matters. Roy Lopez Solutions Engineer Agenda Company overview Briefly about Netwrix Auditor Netwrix Auditor Data Discovery and Classification Edition Product

More information

Product Overview. Netwrix Auditor. Presenter: Jeff Melnick Manager of Sales Engineering x 971

Product Overview. Netwrix Auditor. Presenter: Jeff Melnick Manager of Sales Engineering x 971 Product Overview Netwrix Auditor Presenter: Jeff Melnick Manager of Sales Engineering Jeff.Melnick@netwrix.com 888-638-9749 x 971 About Netwrix Corporation Year of foundation: 2006 Headquarters location:

More information

Withstanding Ransomware Attack: A Step-by-Step Guide Presenter:

Withstanding Ransomware Attack: A Step-by-Step Guide Presenter: Withstanding Ransomware Attack: A Step-by-Step Guide Presenter: Jeff Melnick Manager of Sales Engineering Jeff.Melnick@netwrix.com 888-638-9749 x 971 How to Ask Questions Type your question here Click

More information

Top 5 NetApp Filer Incidents You Need Visibility Into

Top 5 NetApp Filer Incidents You Need Visibility Into Top 5 NetApp Filer Incidents You Need Visibility Into www.netwrix.com Toll-free: 888-638-9749 Table of Contents #1: Failed NetApp Filer Activity #2: Activity Involving Potentially Harmful Files #3: Anomalous

More information

Top 5 Oracle Database Incidents You Need Visibility Into

Top 5 Oracle Database Incidents You Need Visibility Into Top 5 Oracle Database Incidents You Need Visibility Into www.netwrix.com Toll-free: 888-638-9749 Table of Contents #1: Table and Record Deletions #2: Role and Privilege Escalation #3: Failed Activity by

More information

Top 7 Questions to Assess Data Security in the Enterprise

Top 7 Questions to Assess Data Security in the Enterprise Top 7 Questions to Assess Data Security in the Enterprise Presenters: Nick Cavalancia Techvangelism Jeff Melnick Manager, Sales Engineering Jeff.Melnick@netwrix.com 888-638-9749 x 971 Agenda Security Breaches

More information

What the GDPR is and how to deal with it. Russell McDermott Sales Engineer +44 (0) x 2208

What the GDPR is and how to deal with it. Russell McDermott Sales Engineer +44 (0) x 2208 What the GDPR is and how to deal with it Russell McDermott Sales Engineer Russell.Mcdermott@netwrix.com +44 (0) 203 588 3023 x 2208 How to Ask Questions Type your question here Click Send Agenda What the

More information

Outsmarting Ransomware: Hints and Tricks. Netwrix Corporation Adam Stetson System Engineer

Outsmarting Ransomware: Hints and Tricks. Netwrix Corporation Adam Stetson System Engineer Outsmarting Ransomware: Hints and Tricks Netwrix Corporation Adam Stetson System Engineer How to Ask Questions Type your question here Click Send Agenda Ransomware Trends 9 Hints and Tricks: How to Outsmart

More information

Tracking changes in Hybrid Identity environments with both Active Directory and Azure Active Directory

Tracking changes in Hybrid Identity environments with both Active Directory and Azure Active Directory Tracking changes in Hybrid Identity environments with both Active Directory and Azure Active Directory Presenters: Sander Berkouwer Senior Consultant at SCCT 10-fold Microsoft MVP Active Directory aficionado

More information

Become an Active Directory Auditing Superstar: an all-in-one guide!

Become an Active Directory Auditing Superstar: an all-in-one guide! Become an Active Directory Auditing Superstar: an all-in-one guide! Part 2: Deep Dive Speakers Adam Bertram Microsoft MVP, Technical Writer Jeff Melnick Manager, Sales Engineering Jeff.Melnick@netwrix.com

More information

Don't 'WannaCry' No More: How to Shield Your IT Infrastructure from Ransomware. Netwrix Corporation Roy Lopez System Engineer

Don't 'WannaCry' No More: How to Shield Your IT Infrastructure from Ransomware. Netwrix Corporation Roy Lopez System Engineer Don't 'WannaCry' No More: How to Shield Your IT Infrastructure from Ransomware Netwrix Corporation Roy Lopez System Engineer How to Ask Questions Type your question here Click Send Agenda Ransomware Trends

More information

Back to Basics IT Infrastructure Configuration Tips & Tricks Active Directory / Group Policy / Exchange

Back to Basics IT Infrastructure Configuration Tips & Tricks Active Directory / Group Policy / Exchange Back to Basics IT Infrastructure Configuration Tips & Tricks Active Directory / Group Policy / Exchange Presenter: Danny Murphy Sr. Sales Engineer, Netwrix Corporation Danny.Murphy@netwrix.com +44 (0)

More information

Summoning the Password Cracking Beast

Summoning the Password Cracking Beast Password 123456 Summoning the Password Cracking Beast Brian Johnson Security Enthusiast / Podcaster 7 Minute Security Jeff Melnick Solutions Engineer Netwrix Agenda Introduction Build an awesome cloud-based

More information

Netwrix Virtual. Customer Summit 2016

Netwrix Virtual. Customer Summit 2016 Netwrix Virtual Customer Summit 2016 Welcome Michael Fimin Chief Executive Officer Phone: 1.949.407.5125 x1057 Email: Michael.Fimin@netwrix.com linkedin.com/in/michaelfimin Agenda Michael Fimin Chief Executive

More information

Expert Webinar: Hacking Your Windows IT Environment

Expert Webinar: Hacking Your Windows IT Environment Expert Webinar: Hacking Your Windows IT Environment Presenters: Liam Cleary Microsoft MVP, Blogger helloitsliam@protonmail.com Jeff Melnick Pre-Sales Director, Netwrix Jeff.Melnick@netwrix.com www.helloitsliam.com

More information

How to Survive an IT Audit and Thrive Off It!

How to Survive an IT Audit and Thrive Off It! How to Survive an IT Audit and Thrive Off It! Presenter: Adam Stetson Presales Engineer Adam.Stetson@netwrix.com 1.201.490.8840 x2907 Agenda Compliance Overview Continuous Compliance Control Processes

More information

Netwrix Auditor for File Servers and SQL Server

Netwrix Auditor for File Servers and SQL Server Product Demo Netwrix Auditor for File Servers and SQL Server Presenter: Bradford Eadie Presales Engineer Bradford.Eadie@netwrix.com 1.201.490.8840 x2822 About Netwrix Corporation Year of foundation: 2006

More information

Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick

Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment Orin Thomas @orinthomas Jeff Melnick Jeff.Melnick@Netwrix.com In this session Vulnerability types Spectre Meltdown Spectre

More information

HOW TO MAXIMIZE THE VALUE OF YOUR SPLUNK INVESTMENT. PRESENTER: Adam Stetson Presales Engineer

HOW TO MAXIMIZE THE VALUE OF YOUR SPLUNK INVESTMENT. PRESENTER: Adam Stetson Presales Engineer HOW TO MAXIMIZE THE VALUE OF YOUR SPLUNK INVESTMENT PRESENTER: Adam Stetson Presales Engineer Adam.Stetson@netwrix.com 1.201.490.8840 x2907 About Netwrix Corporation Year of foundation: 2006 Headquarters

More information

Keeping Tabs on the Top 3 Critical SharePoint Changes with Netwrix Auditor

Keeping Tabs on the Top 3 Critical SharePoint Changes with Netwrix Auditor Keeping Tabs on the Top 3 Critical SharePoint Changes with Netwrix Auditor www.netwrix.com Toll-free: 888.638.9749 Table of Contents #1: SharePoint Site Changes #2: SharePoint Content Changes #3: SharePoint

More information

Install and Configure Active Directory Domain Services

Install and Configure Active Directory Domain Services Active Directory 101 Install and Configure Active Directory Domain Services Sander Berkouwer CTO at SCCT 10-fold Microsoft MVP Active Directory aficionado Daniel Goater Systems Engineer Netwrix Active

More information

How Breaches Really Happen

How Breaches Really Happen How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability

More information

Premediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C.

Premediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C. Premediation The Art of Proactive Remediation Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C. Overview Case Study Remediation Overview Premediation

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO INFORMATION SECURITY PAINS CISO RESPONSIBILITY WITHOUT AUTHORITY INVENTORY TO MANAGE ALERTS WITHOUT MEANING ASSETS SPREAD ACROSS

More information

PCI DSS Requirements. and Netwrix Auditor Mapping. Toll-free:

PCI DSS Requirements. and Netwrix Auditor Mapping.  Toll-free: PCI DSS Requirements and Netwrix Auditor Mapping www.netwrix.com Toll-free: 888-638-9749 About PCI DSS The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance

More information

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model

More information

Computers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady

Computers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady Computers Gone Rogue Abusing Computer Accounts to Gain Control in an Active Directory Environment Marina Simakov & Itai Grady Motivation Credentials are a high value target for attackers No need for 0-day

More information

ISO/IEC Controls

ISO/IEC Controls ISO/IEC 27001 Controls and Netwrix Auditor Mapping www.netwrix.com Toll-free: 888-638-9749 About ISO/IEC 27001 ISO/IEC 27001 is an international standard that provides requirements for establishing, implementing,

More information

7 EASY ATTACKS AGAINST ACTIVE DIRECTORY

7 EASY ATTACKS AGAINST ACTIVE DIRECTORY NEW TITLE: 7 EASY ATTACKS AGAINST ACTIVE DIRECTORY And How to Prevent Them Through Good Practices and a Little Group Policy ABOUT ME Kevin McBride Security Specialist at Meridian Credit Union 12 years

More information

Manage and Maintain Active Directory Domain Services

Manage and Maintain Active Directory Domain Services Active Directory 101 Manage and Maintain Active Directory Domain Services Sander Berkouwer CTO at SCCT 10-fold Microsoft MVP Active Directory aficionado Daniel Goater Systems Engineer Netwrix Active Directory

More information

Go mobile. Stay in control.

Go mobile. Stay in control. Go mobile. Stay in control. Enterprise Mobility + Security Jeff Alexander Sr. Technical Evangelist http://about.me/jeffa36 Mobile-first, cloud-first reality 63% 80% 0.6% Data breaches Shadow IT IT Budget

More information

SOX/COBIT Framework. and Netwrix Auditor Mapping. Toll-free:

SOX/COBIT Framework. and Netwrix Auditor Mapping.  Toll-free: SOX/COBIT Framework and Netwrix Auditor Mapping www.netwrix.com Toll-free: 888-638-9749 About SOX All public companies in the U.S. are subject to Sarbanes Oxley (SOX) compliance without exceptions. SOX

More information

How the Privileged User Stole Christmas

How the Privileged User Stole Christmas Netwrix Security Talk How the Privileged User Stole Christmas Dave Matthews Systems Engineer at Netwrix Agenda 1. Issues security pros are talking about 2. Privileged User Portrait 3. Privileged Account

More information

Netwrix Auditor for SQL Server

Netwrix Auditor for SQL Server Netwrix Auditor for SQL Server Quick-Start Guide Version: 9.5 10/25/2017 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from

More information

Colin Gibbens Director, Product Management

Colin Gibbens Director, Product Management SOAR = Human Intelligence and Creativity at Speed of Machine Abhishek Narula EVP, Head of Product and Engineering Colin Gibbens Director, Product Management 1 2 What is Security Orchestration Why do I

More information

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2, IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against

More information

HIPAA Requirements. and Netwrix Auditor Mapping. Toll-free:

HIPAA Requirements. and Netwrix Auditor Mapping.  Toll-free: HIPAA Requirements and Netwrix Auditor Mapping www.netwrix.com Toll-free: 888-638-9749 About HIPAA The Health Insurance Portability and Accountability Act (HIPAA) is a set of standards created by Congress

More information

Rick Redman, Title, KoreLogic Governance, Risk & Compliance G24

Rick Redman, Title, KoreLogic Governance, Risk & Compliance G24 Succe What Audits Miss & How Penetration Testers Abuse Those Gaps Rick Redman, Title, KoreLogic Governance, Risk & Compliance G24 CRISC CGEIT CISM CISA Intro Rick Redman / Minga / @CrackMeIfYouCan KoreLogic.com

More information

10 Ways Credit Unions Get PWNED

10 Ways Credit Unions Get PWNED 10 Ways Credit Unions Get PWNED NASCUS 2017 Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor. Intro I am going to share with

More information

Assessing Your Incident Response Capabilities Do You Have What it Takes?

Assessing Your Incident Response Capabilities Do You Have What it Takes? Assessing Your Incident Response Capabilities Do You Have What it Takes? March 31, 2017 Presenters Tim L. Bryan, CPA/CFF/CITP, CISA, EnCE Director, Advisory Services Forensic Technology & Investigation

More information

Netwrix Auditor Add-on for Solarwinds Log & Event Manager

Netwrix Auditor Add-on for Solarwinds Log & Event Manager Netwrix Auditor Add-on for Solarwinds Log & Event Manager Quick-Start Guide Version: 9.5 10/4/2017 Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

Windows 10. scalable IT services & solutions. October 25, Bruce Ward, VP of Business Strategy. Dan Sharp, Senior Consultant

Windows 10. scalable IT services & solutions. October 25, Bruce Ward, VP of Business Strategy. Dan Sharp, Senior Consultant Windows 10 October 25, 2018 Helping you grow your business with Bruce Ward, VP of Business Strategy scalable IT services & solutions Dan Sharp, Senior Consultant for today s challenges & tomorrow s vision.

More information

Engineering Robust Server Software

Engineering Robust Server Software Engineering Robust Server Software Defense In Depth You Are Building YourAwesomeSite.com Django Built In Authen Sanitization Distrust clients Use all the best practices you know 2 You Are Building YourAwesomeSite.com

More information

Responder for Purple Teams

Responder for Purple Teams Responder for Purple Teams Responder for Purple Teams whoami Why this talk? Responder Overview Related Tools WPAD Attack Analyse Mode Defense whoami Full-Spectrum Cyber Person Nearly 20 years of this stuff

More information

Microsoft Exam

Microsoft Exam Volume: 59 Questions Question: 1 Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016. You create

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

PCI Compliance Assessment Module with Inspector

PCI Compliance Assessment Module with Inspector Quick Start Guide PCI Compliance Assessment Module with Inspector Instructions to Perform a PCI Compliance Assessment Performing a PCI Compliance Assessment (with Inspector) 2 PCI Compliance Assessment

More information

One-Click to OWA Track 3. William Martin

One-Click to OWA Track 3. William Martin One-Click to OWA Track 3 William Martin (@QuickBreach) > whoami William Martin OSCP Penetration Tester Supervisor at RSM US LLP in Charlotte, NC First time presenting at DEFCON Twitter: @QuickBreach >

More information

Installation of LAPS Password Management Demo Deployment

Installation of LAPS Password Management Demo Deployment Installation of LAPS Password Management Demo Deployment Version: 1.0 Last Modified: 2017.11.2 Installation The content of this document is property of Omni Technology Solutions, Inc. All Rights Reserved.

More information

Ethical Hackers Perspective Things that Make a Hacker's Job Easy

Ethical Hackers Perspective Things that Make a Hacker's Job Easy WEALTH ADVISORY OUTSOURCING AUDIT, TAX, AND CONSULTING Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor Ethical Hackers Perspective

More information

Critical Hygiene for Preventing Major Breaches

Critical Hygiene for Preventing Major Breaches SESSION ID: CXO-F02 Critical Hygiene for Preventing Major Breaches Jonathan Trull Microsoft Enterprise Cybersecurity Group @jonathantrull Tony Sager Center for Internet Security @CISecurity Mark Simos

More information

Un SOC avanzato per una efficace risposta al cybercrime

Un SOC avanzato per una efficace risposta al cybercrime Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat

More information

Windows. Not just for houses

Windows. Not just for houses Windows Not just for houses Everyone Uses Windows! (sorry James!) Users Accounts to separate people on a computer Multiple user accounts on a computer Ex) shared family computer Access level can be set

More information

A YEAR OF PURPLE. By Ryan Shepherd

A YEAR OF PURPLE. By Ryan Shepherd A YEAR OF PURPLE By Ryan Shepherd WHOAMI DETECTION and RESPONSE Investigator for Countercept Threat Hunter PURPLE Team Consultant Offensive Security Certified Professional (OSCP) Crest Registered Intrusion

More information

HIPAA Compliance Assessment Module

HIPAA Compliance Assessment Module Quick Start Guide HIPAA Compliance Assessment Module Instructions to Perform a HIPAA Compliance Assessment Performing a HIPAA Compliance Assessment 2 HIPAA Compliance Assessment Overview 2 What You Will

More information

Netwrix Auditor. Administration Guide. Version: /31/2017

Netwrix Auditor. Administration Guide. Version: /31/2017 Netwrix Auditor Administration Guide Version: 9.5 10/31/2017 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from Netwrix Corporation

More information

Netwrix Auditor Add-on for Privileged User Monitoring

Netwrix Auditor Add-on for Privileged User Monitoring Netwrix Auditor Add-on for Privileged User Monitoring Quick-Start Guide Version: 9.6 5/8/2018 Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

About The Presentation 11/3/2017. Hacker HiJinx-Human Ways to Steal Data. Who We Are? Ethical Hackers & Security Consultants

About The Presentation 11/3/2017. Hacker HiJinx-Human Ways to Steal Data. Who We Are? Ethical Hackers & Security Consultants November 3, 2017 Hacker HiJinx-Human Ways to Steal Data Who We Are? Ethical Hackers & Security Consultants Respond To Incidents & Breaches Perform Digital Forensic Investigations Data Mine Internet Intelligence

More information

Exchange Server Installation on Windows Server 2019 Core Edition

Exchange Server Installation on Windows Server 2019 Core Edition Exchange Server 2019- Installation on Windows Server 2019 Core Edition Hussain Shakir LinkedIn: https://www.linkedin.com/in/mrhussain Twitter: https://twitter.com/hshakir_ms Blog: http://mstechguru.blogspot.com/

More information

"Charting the Course... MOC C: Securing Windows Server Course Summary

Charting the Course... MOC C: Securing Windows Server Course Summary Course Summary Description This five-day, instructor-led course teaches IT professionals how they can enhance the security of the IT infrastructure that they administer. This course begins by emphasizing

More information

Evolution Of Cyber Threats & Defense Approaches

Evolution Of Cyber Threats & Defense Approaches Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution

More information

John Coggeshall Copyright 2006, Zend Technologies Inc.

John Coggeshall Copyright 2006, Zend Technologies Inc. PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor

More information

ForeScout ControlFabric TM Architecture

ForeScout ControlFabric TM Architecture ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%

More information

Crash course in Azure Active Directory

Crash course in Azure Active Directory Crash course in Azure Active Directory Crash course in Azure Active Directory Competing today requires a focus on digital transformation and empowering everyone to be creative and work together securely.

More information

Securing Windows Server 2016

Securing Windows Server 2016 Course 20744C: Securing Windows Server 2016 Page 1 of 7 Securing Windows Server 2016 Course 20744C: 4 days; Instructor-Led Introduction This four-day, instructor-led course teaches IT professionals how

More information

Jordan Levesque - Keeping your Business Secure

Jordan Levesque - Keeping your Business Secure Jordan Levesque - Keeping your Business Secure Review of PCI Benefits of hosting with RCS File Integrity Monitoring Two Factor Log Aggregation Vulnerability Scanning Configuration Management and Continuous

More information

Remote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function.

Remote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function. 10 March 2016 Remote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function. Presented by Neil Lines Who am I? Neil Lines - Pen Tester Involved in a range of security

More information

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats

More information

Windows. Not just for houses

Windows. Not just for houses Windows Not just for houses Windows 110 Windows Server Essentially a jacked up windows 8 box Still GUI based Still makes no sense No start menu :( (Install classic shell)... trust me... Windows Server

More information

Welcome! Ready To Secure Access to Your Microsoft Applications?

Welcome! Ready To Secure Access to Your Microsoft Applications? Welcome! Ready To Secure Access to Your Microsoft Applications? During the Webinar Audio In presentation mode until end Control Panel View webinar in full screen mode Feel Free to submit written questions

More information

SECURITY INSIDE THE PERIMETER - THE CALL IS COMING FROM INSIDE THE HOUSE

SECURITY INSIDE THE PERIMETER - THE CALL IS COMING FROM INSIDE THE HOUSE SECURITY INSIDE THE PERIMETER - THE CALL IS COMING FROM INSIDE THE HOUSE Event Code: #ILTALSS #LSS17 Date: June 13, 2017 Time: 3:00 PM - 4:00 PM ET Location: Salon I SECURITY INSIDE THE PERIMETER THE CALL

More information

Microsoft Intune App Protection Policies Integration. VMware Workspace ONE UEM 1811

Microsoft Intune App Protection Policies Integration. VMware Workspace ONE UEM 1811 Microsoft Intune App Protection Policies Integration VMware Workspace ONE UEM 1811 Microsoft Intune App Protection Policies Integration You can find the most up-to-date technical documentation on the VMware

More information

Enterprise Ransomware Mitigations

Enterprise Ransomware Mitigations 打造數碼安全校園 Enterprise Ransomware Mitigations Windows 10, Edge Browser, Office ATP Enterprise Mobility Suite (EMS) ATP OneDrive for Business Azure Backup 3rd party Cloud Backup THE WINDOWS CLIENT DEFENSE

More information

Staying Safe Online. My Best Internet Safety Tips. and the AgeWell Computer Education Center.

Staying Safe Online. My Best Internet Safety Tips. and the AgeWell Computer Education Center. Staying Safe Online My Best Internet Safety Tips and the AgeWell Computer Education Center Welcome to our first Webinar of 2017! Agenda o How to use the Webinar Room o Upcoming CEC Classes o My tips for

More information

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14 Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.

More information

Netwrix Auditor. Visibility Platform for User Behavior Analysis. and Risk Mitigation in Hybrid IT Environments.

Netwrix Auditor. Visibility Platform for User Behavior Analysis. and Risk Mitigation in Hybrid IT Environments. Netwrix Auditor Visibility Platform for User Behavior Analysis and Risk Mitigation in Hybrid IT Environments www.wssitalia.it 01 Product Overview Netwrix Auditor Platform Netwrix Auditor is a visibility

More information

Hybrid Identity de paraplu in de cloud

Hybrid Identity de paraplu in de cloud EXPERTS LIVE SUMMER NIGHT Hybrid Identity de paraplu in de cloud Robbert van der Zwan TSP EM+S Netherlands EXPERTS LIVE SUMMER NIGHT Robbert van der Zwan Robbert works as an Enterprise Mobility and Security

More information

Nano Server in Windows Server An AMA with Andrew Mason from Microsoft

Nano Server in Windows Server An AMA with Andrew Mason from Microsoft Nano Server in Windows Server 2016 An AMA with Andrew Mason from Microsoft info@altaro.com www.altaro.com Agenda info@altaro.com www.altaro.com Andy Syrewicze Twitter - @asyrewicze Blog http://www.altaro.com/hyper-v

More information

[ Sean TrimarcSecurity.com ]

[ Sean TrimarcSecurity.com ] Securing the Microsoft Cloud (Office 365 & Azure AD) Sean Metcalf Founder, Trimarc Presenter bio Sean Metcalf Founder & CTO, Trimarc One of ~100 people globally who holds the Microsoft Certified Master

More information

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Azure Active Directory 3 rd Party IaaS IaaS Rights Management Services

More information

RastaLabs Red Team Simulation Lab

RastaLabs Red Team Simulation Lab RastaLabs Red Team Simulation Lab LAB OUTLINE Description RastaLabs is a virtual Red Team Simulation environment, designed to be attacked as a means of learning and honing your engagement skills. The focus

More information

Cyber Security Defense-In-depth RICH KINAS ORLANDO UTILITIES COMMISSION COMPLIANCE SPRING WORKSHOP MAY 9-10, 2017

Cyber Security Defense-In-depth RICH KINAS ORLANDO UTILITIES COMMISSION COMPLIANCE SPRING WORKSHOP MAY 9-10, 2017 1 Cyber Security Defense-In-depth RICH KINAS ORLANDO UTILITIES COMMISSION COMPLIANCE SPRING WORKSHOP MAY 9-10, 2017 Overview 2 Defense-In-Depth Verses layered defense Verses Enhanced Security NERC Reliability

More information

Microsoft 365 powered device webinar series Microsoft 365 powered device Assessment Kit. Alan Maddison, Architect Amit Bhatia, Architect

Microsoft 365 powered device webinar series Microsoft 365 powered device Assessment Kit. Alan Maddison, Architect Amit Bhatia, Architect Microsoft 365 powered device webinar series Microsoft 365 powered device Assessment Kit Alan Maddison, Architect Amit Bhatia, Architect Why did we create the Assessment kit? Assessment objectives Assess

More information

ArcGIS Enterprise Security: Advanced. Gregory Ponto & Jeff Smith

ArcGIS Enterprise Security: Advanced. Gregory Ponto & Jeff Smith Enterprise Security: Advanced Gregory Ponto & Jeff Smith Agenda Focus: Security best practices for Enterprise Server Portal for 10.5.x Features Strongly Recommend: Knowledge of Server and Portal for Security

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

Well, That Escalated Quickly! How abusing the Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via

Well, That Escalated Quickly! How abusing the Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Well, That Escalated Quickly! How abusing the Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers. Michael Cherny @chernymi Sagie Dulce @SagieSec

More information

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB @markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Active Directory Domain Services On-premises App Server Validate credentials

More information

Netwrix Auditor. Virtual Appliance and Cloud Deployment Guide. Version: /25/2017

Netwrix Auditor. Virtual Appliance and Cloud Deployment Guide. Version: /25/2017 Netwrix Auditor Virtual Appliance and Cloud Deployment Guide Version: 9.5 10/25/2017 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

Moving from Reactive to Proactive Security. Sami Laiho Adminize / Intility Senior Technical Fellow, MVP April 28 th New-York City

Moving from Reactive to Proactive Security. Sami Laiho Adminize / Intility Senior Technical Fellow, MVP April 28 th New-York City Moving from Reactive to Proactive Security Sami Laiho Adminize / Intility Senior Technical Fellow, MVP April 28 th New-York City Thanks to our Organizers! Tome Tanasovski PowerShell MVP Blog: http://powertoe.wordpress.com/

More information

Netwrix Auditor. Intelligence Guide. Version: /30/2018

Netwrix Auditor. Intelligence Guide. Version: /30/2018 Netwrix Auditor Intelligence Guide Version: 9.7 11/30/2018 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from Netwrix Corporation

More information