Expert Webinar: Hacking Your Windows IT Environment

Size: px
Start display at page:

Download "Expert Webinar: Hacking Your Windows IT Environment"

Transcription

1 Expert Webinar: Hacking Your Windows IT Environment Presenters: Liam Cleary Microsoft MVP, Blogger Jeff Melnick Pre-Sales Director, Netwrix

2 Housekeeping All attendees are on mute Ask your questions! Questions will be answered during the session or at the Q&A at the end You will receive a copy of slides and webinar recording in the follow-up Duration: Up to 60 minutes Type your question here Click Send We hope you enjoy!

3 Win one of three $100 Amazon egift Card We will randomly draw 3 people s names at the end of the Webinar You must be present at the end of the webinar to be eligible We will contact all winners after the webinar Ask your questions and be active! $100

4 Agenda Attacks Understanding attacks Attack methods Exploitation process Protection Patch management General protections Monitoring General approaches Netwrix Auditor

5 Understanding Attacks

6 Understanding Attacks Vulnerability Exploit Threat Vulnerabilities are entry points into an application or even hardware that allow usage in a way that it was not intended. Attackers can use the vulnerabilities for gleaning information about the current security defenses in place. With vulnerabilities, hackers are typically attempting to solve a puzzle about what they can get away with before they attack

7 Understanding Attacks Vulnerability Exploit Threat An exploit is normally some kind of package that understands an known vulnerability and executes arbitrary code or processes. Exploits can take place behind firewalls where they're harder to spot, and can cause irreparable damage when gone undetected.

8 Understanding Attacks Vulnerability Exploit Threat A threat refers to the hypothetical event wherein a hacker uses a vulnerability. The threat itself will normally have an exploit involved, as well as other processes and tools.

9 Attack Rules of Engagement Intelligence gathering Vulnerability analysis Exploitation Post exploitation and reporting

10 Types of Attacks Phishing SQL Injection Cross-site Scripting Malware Session Hijacking Man-in-the-middle Credential Reuse Denial-of-service

11 Application Specific Attack Methods Test manual access Brute force web access Authentication test Web service scanning Database attack Remote desktop test

12 Client Side Application Attacks Client side controls Authentication sessions Back end components Users Web applications

13 The Attack Process

14 The Attack Process Scan firewall Scan IP ranges Scan devices Specific application attacks Active directory attack Database attack

15 Scanning Ping Sweeps Send ICMP/TCP packets to return Active devices and servers Port Scans Protocol specific interrogation of devices and servers Inverse Mapping Exclude devices and servers, that don t respond

16 Network Server Scanning ICMP/TCP PORTS

17 Network Device Scanning ICMP/TCP PORTS

18 Network, Port and Service Scanning Ping sweeps AngryIP scanner Nmap port scan Metasploit PowerSploit Manual

19 Exploitation Process

20 Exploitation Steps Identify Vulnerability Identify Exploit Create Payload Generate Code Select Module Framework Create Listener

21 Exploitation Steps Remote Access Exploit Save & Executed Remote Shell Remote Command Execution Weapon Delivery Remote Web Backdoor Opened

22 Pivoting Access direct to target / no access beyond target Utilize target to proxy requests Return X/24 Meterpreter Scan run get_local_subnet Proxy X/ X/24

23 Pivoting Commands # Get local subnets on target run get_local_subnet background # Add route to send subnet traffic over current session Route add # Use Meterpreter routing to Pivot Traffic ifconfig run arp_scanner -r /24

24 Port Forwarding Forward traffic to target, then forward to none visible targets Attacker uses local port Target forwards request on chosen port Local Port 3389 Relay Remote Port X/ X/24

25 Port Forwarding Commands # Forward Ports between Local Machine and Target portfwd add -l p r portfwd list # Remote Desktop locally rdesktop

26 Token Stealing and Impersonation Incognito used to retrieve current Tokens Impersonate using a retrieved Token Relay X/ X/24

27 Pivoting Commands # Grab the current Process List ps # Steal Tokens steal_token 380 # Use Incognito load incognito # List Current Tokens, then elevate account permissions list_tokens -u impersonate_token DOMAIN\user

28 Protecting the Environment

29 Patching your windows environments Global Patch Critical operating system updates Limited Release Patch From the field patches, covers specific issues Monthly Rollup Standard full roll-up for ALL released patches

30 Patching your windows environments Patch Only install patches that match current level If patch resolves current issue If patch is a security update Don t Patch Unless current service pack, don t deploy Multiple hotfixes versus Latest released service Inconsistency across servers

31 General Server Protection Application Firewall Inspect ALL Traffic Perimeter Firewall Access Control Traffic Operating System Firewall Monitor

32 General Device Protection Device Firewall Inspect ALL Traffic Perimeter Firewall Access Control Traffic Block Ports Monitor

33 Infrastructure Protection Application Firewall Inspect ALL Traffic Server Isolation Perimeter Firewall Access Control Traffic Operating System Firewall Monitor Port Control

34 Process Whitelisting Allowed Executables Blocked Executables Allowed Paths Blocked Paths Allowed Scripts Blocked Scripts

35 Escalation Protection

36 Privileged Access Management (PAM) Isolation/scoping of privileges Step-up and proof-up Customizable workflow Additional logging

37 Privileged Access Management (PAM) Corporate Domain Bastion Domain Trust CORP\group BASTION\group Shadow Principal SID Mapped between identities

38 Privileged Access Management (PAM) Request Access Approval of Access Permissions Assigned Time restricted access granted

39 Privileged Access Workstations (PAW) Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors. Separating these sensitive tasks and accounts from the daily use workstations and devices provides very strong protection from phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks such as keystroke logging, Passthe-Hash, and Pass-The-Ticket. Tier 0 Tier 1 Tier 2

40 Privileged Access Workstations (PAW) Tier 0 Forest / Domain Admins Admin Workstation Higher Tier Login Same Tier Login Active Directory Server Admins Tier 1 Admin Workstation Lower Tier Login Servers Workstatio n Admins Tier 2 Admin Workstation Workstations

41 Monitoring

42 Monitoring approaches Security Event Logging Firewall Logs Audit Logging

43 Monitoring categories High-value accounts Anomalies or malicious actions Non-active accounts Account whitelist Different account types External accounts Restricted use accounts/devices Account naming conventions

44 Alerts example # Filter Send event the Security details Event as log for specific event Get-WinEvent $Subject = User-FilterHashtable account Security ;ID=4720} Select TimeCreated,@{n= Account $Server = your.smtp.server Creator ;e={([xml]$_.toxml()).event.eventdata.data? {$_.Name $From = From@domain.com -eq SubjectUserName } %{$_. #text }}},@{n= User Account ;e={([xml]$_.toxml()).event.eventdata.data $To = To@domain.com? {$_.Name eq SamAccountName } %{$_. #text }}} $Pwd = ConvertTo-SecureString password -AsPlainText -Force #Sender account password $Cred = New-Object System.Management.Automation.PSCredential( accountname, $Pwd) $encoding = [System.Text.Encoding]::UTF8 #Setting encoding to UTF8 for message correct display $Body=Get-WinEvent Security ;ID=4720} Select TimeCreated,@{n= Account creator ;e={([xml]$_.toxml()).event.eventdata.data? {$_.Name -eq SubjectUserName } %{$_. #text }}},@{n= User Account ;e={([xml]$_.toxml()).event.eventdata.data? {$_.Name -eq SamAccountName } %{$_. #text }}} select-object -first 1 Send-MailMessage -From $From -To $To -SmtpServer $Server -Body $Body -Subject $Subject - Credential $Cred -Encoding $encoding

45 Netwrix Auditor - Demonstration

46 Netwrix Auditor Demonstration

47 Netwrix Auditor Applications Netwrix Auditor for Active Directory Netwrix Auditor for Azure AD Netwrix Auditor for Exchange Netwrix Auditor for Office 365 Netwrix Auditor for Windows File Servers Netwrix Auditor for EMC Netwrix Auditor for NetApp Netwrix Auditor for SharePoint Netwrix Auditor for Oracle Database Netwrix Auditor for SQL Server Netwrix Auditor for Windows Server Netwrix Auditor for VMware

48 Netwrix Customers Financial Healthcare & Pharmaceutical Federal, State, Local, Government GA Industrial/Technology/Other

49 Industry Awards and Recognition All awards:

50 Next Steps Free Trial: setup in your own test environment: On-premises: netwrix.com/freetrial Virtual: netwrix.com/go/appliance Cloud: netwrix.com/go/cloud Test Drive: run a virtual POС in a Netwrix-hosted test lab netwrix.com/testdrive Webinars: join our upcoming webinars and watch the recorded sessions netwrix.com/webinars Come see us at MS Ignite! September 25th-29 th, Booth #1825

51 Thank you Contact us: Liam Cleary Microsoft MVP, Blogger Jeff Melnick Pre-Sales Director, Netwrix

What s New in Netwrix Auditor 9.5

What s New in Netwrix Auditor 9.5 What s New in Netwrix Auditor 9.5 Presenter: Jeff Melnick Systems Engineer Jeff.Melnick@netwrix.com Housekeeping All attendees are on mute Ask your questions! Questions will be answered during the session

More information

Tracking changes in Hybrid Identity environments with both Active Directory and Azure Active Directory

Tracking changes in Hybrid Identity environments with both Active Directory and Azure Active Directory Tracking changes in Hybrid Identity environments with both Active Directory and Azure Active Directory Presenters: Sander Berkouwer Senior Consultant at SCCT 10-fold Microsoft MVP Active Directory aficionado

More information

The 3 Pillars of SharePoint Security

The 3 Pillars of SharePoint Security The 3 Pillars of SharePoint Security Liam Cleary CEO/Owner SharePlicity Jeff Melnick Systems Engineer Netwrix Corporation AGENDA The Problem Attack Vectors Intranet, Extranet and Public Facing Proactive

More information

What s New in Netwrix Auditor 8.0. PRESENTER: Jeff Melnick Manager of Sales Engineering x 971

What s New in Netwrix Auditor 8.0. PRESENTER: Jeff Melnick Manager of Sales Engineering x 971 What s New in Netwrix Auditor 8.0 PRESENTER: Jeff Melnick Manager of Sales Engineering Jeff.Melnick@netwrix.com 888-638-9749 x 971 How to Ask Questions 1. Type your question here 2. Click Send Agenda What

More information

Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions

Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions Hacker Explains Privilege Escalation: How Hackers Get Elevated Permissions Liam Cleary Solution Architect Protiviti Jeff Melnick Systems Engineer Netwrix Corporation Agenda Elevation Escalation Prevention

More information

Netwrix Auditor. Visibility platform for user behavior analysis and risk mitigation. Mason Takacs Systems Engineer

Netwrix Auditor. Visibility platform for user behavior analysis and risk mitigation. Mason Takacs Systems Engineer Netwrix Auditor Visibility platform for user behavior analysis and risk mitigation Mason Takacs Systems Engineer Agenda Product Overview Product Demonstration Q&A About Netwrix Auditor Netwrix Auditor

More information

Outsmarting Ransomware: Hints and Tricks. Netwrix Corporation Adam Stetson System Engineer

Outsmarting Ransomware: Hints and Tricks. Netwrix Corporation Adam Stetson System Engineer Outsmarting Ransomware: Hints and Tricks Netwrix Corporation Adam Stetson System Engineer How to Ask Questions Type your question here Click Send Agenda Ransomware Trends 9 Hints and Tricks: How to Outsmart

More information

Product Overview. Netwrix Auditor. Presenter: Jeff Melnick Manager of Sales Engineering x 971

Product Overview. Netwrix Auditor. Presenter: Jeff Melnick Manager of Sales Engineering x 971 Product Overview Netwrix Auditor Presenter: Jeff Melnick Manager of Sales Engineering Jeff.Melnick@netwrix.com 888-638-9749 x 971 About Netwrix Corporation Year of foundation: 2006 Headquarters location:

More information

Withstanding Ransomware Attack: A Step-by-Step Guide Presenter:

Withstanding Ransomware Attack: A Step-by-Step Guide Presenter: Withstanding Ransomware Attack: A Step-by-Step Guide Presenter: Jeff Melnick Manager of Sales Engineering Jeff.Melnick@netwrix.com 888-638-9749 x 971 How to Ask Questions Type your question here Click

More information

Top Critical Changes to Audit

Top Critical Changes to Audit Top Critical Changes to Audit in Microsoft SharePoint PRESENTER: Roy Lopez Systems Engineer Roy.Lopez@netwrix.com 1.201.490.8840 x2833 How to Ask Questions 1. Type your question here 2. Click Send Agenda

More information

Become an Active Directory Auditing Superstar: an all-in-one guide!

Become an Active Directory Auditing Superstar: an all-in-one guide! Become an Active Directory Auditing Superstar: an all-in-one guide! Part 2: Deep Dive Speakers Adam Bertram Microsoft MVP, Technical Writer Jeff Melnick Manager, Sales Engineering Jeff.Melnick@netwrix.com

More information

Don't 'WannaCry' No More: How to Shield Your IT Infrastructure from Ransomware. Netwrix Corporation Roy Lopez System Engineer

Don't 'WannaCry' No More: How to Shield Your IT Infrastructure from Ransomware. Netwrix Corporation Roy Lopez System Engineer Don't 'WannaCry' No More: How to Shield Your IT Infrastructure from Ransomware Netwrix Corporation Roy Lopez System Engineer How to Ask Questions Type your question here Click Send Agenda Ransomware Trends

More information

Back to Basics IT Infrastructure Configuration Tips & Tricks Active Directory / Group Policy / Exchange

Back to Basics IT Infrastructure Configuration Tips & Tricks Active Directory / Group Policy / Exchange Back to Basics IT Infrastructure Configuration Tips & Tricks Active Directory / Group Policy / Exchange Presenter: Danny Murphy Sr. Sales Engineer, Netwrix Corporation Danny.Murphy@netwrix.com +44 (0)

More information

4 Ways Your Organization Can Be Hacked

4 Ways Your Organization Can Be Hacked Behind the Scenes 4 Ways Your Organization Can Be Hacked Brian Johnson President, 7 Minute Security Jeff Melnick Netwrix, Systems Engineer Agenda Quick introductions The ways your organization can be hacked

More information

Top 7 Questions to Assess Data Security in the Enterprise

Top 7 Questions to Assess Data Security in the Enterprise Top 7 Questions to Assess Data Security in the Enterprise Presenters: Nick Cavalancia Techvangelism Jeff Melnick Manager, Sales Engineering Jeff.Melnick@netwrix.com 888-638-9749 x 971 Agenda Security Breaches

More information

Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In

Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In Sponsored by 2016 Monterey Technology Group Inc. Thanks to Made possible by Preview of key points

More information

What s New in Netwrix Auditor 9.7

What s New in Netwrix Auditor 9.7 What s New in Netwrix Auditor 9.7 Jeff Melnick Manager, Pre-Sales Engineering Jeff.Melnick@netwrix.com Agenda What s New in Netwrix Auditor 9.7 Briefly About Netwrix Auditor Q&A Prize Drawing INTRODUCING

More information

Netwrix Auditor for File Servers and SQL Server

Netwrix Auditor for File Servers and SQL Server Product Demo Netwrix Auditor for File Servers and SQL Server Presenter: Bradford Eadie Presales Engineer Bradford.Eadie@netwrix.com 1.201.490.8840 x2822 About Netwrix Corporation Year of foundation: 2006

More information

How to Survive an IT Audit and Thrive Off It!

How to Survive an IT Audit and Thrive Off It! How to Survive an IT Audit and Thrive Off It! Presenter: Adam Stetson Presales Engineer Adam.Stetson@netwrix.com 1.201.490.8840 x2907 Agenda Compliance Overview Continuous Compliance Control Processes

More information

What the GDPR is and how to deal with it. Russell McDermott Sales Engineer +44 (0) x 2208

What the GDPR is and how to deal with it. Russell McDermott Sales Engineer +44 (0) x 2208 What the GDPR is and how to deal with it Russell McDermott Sales Engineer Russell.Mcdermott@netwrix.com +44 (0) 203 588 3023 x 2208 How to Ask Questions Type your question here Click Send Agenda What the

More information

Top 5 NetApp Filer Incidents You Need Visibility Into

Top 5 NetApp Filer Incidents You Need Visibility Into Top 5 NetApp Filer Incidents You Need Visibility Into www.netwrix.com Toll-free: 888-638-9749 Table of Contents #1: Failed NetApp Filer Activity #2: Activity Involving Potentially Harmful Files #3: Anomalous

More information

HOW TO MAXIMIZE THE VALUE OF YOUR SPLUNK INVESTMENT. PRESENTER: Adam Stetson Presales Engineer

HOW TO MAXIMIZE THE VALUE OF YOUR SPLUNK INVESTMENT. PRESENTER: Adam Stetson Presales Engineer HOW TO MAXIMIZE THE VALUE OF YOUR SPLUNK INVESTMENT PRESENTER: Adam Stetson Presales Engineer Adam.Stetson@netwrix.com 1.201.490.8840 x2907 About Netwrix Corporation Year of foundation: 2006 Headquarters

More information

Netwrix Auditor. Know Your Data. Protect What Matters. Roy Lopez Solutions Engineer

Netwrix Auditor. Know Your Data. Protect What Matters. Roy Lopez Solutions Engineer Netwrix Auditor Know Your Data. Protect What Matters. Roy Lopez Solutions Engineer Agenda Company overview Briefly about Netwrix Auditor Netwrix Auditor Data Discovery and Classification Edition Product

More information

Top 5 Oracle Database Incidents You Need Visibility Into

Top 5 Oracle Database Incidents You Need Visibility Into Top 5 Oracle Database Incidents You Need Visibility Into www.netwrix.com Toll-free: 888-638-9749 Table of Contents #1: Table and Record Deletions #2: Role and Privilege Escalation #3: Failed Activity by

More information

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

IT Security Horrors That Keep You Up at Night

IT Security Horrors That Keep You Up at Night IT Security Horrors That Keep You Up at Night and How to Stop Them! Brian Johnson 7 Minute Security Jeff Melnick Systems Engineer Agenda Introductions My epic breach response fail (a tale of tears and

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan

More information

Ethical Hacking and Prevention

Ethical Hacking and Prevention Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive

More information

CONTENTS IN DETAIL. FOREWORD by HD Moore ACKNOWLEDGMENTS INTRODUCTION 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 2 METASPLOIT BASICS 7

CONTENTS IN DETAIL. FOREWORD by HD Moore ACKNOWLEDGMENTS INTRODUCTION 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 2 METASPLOIT BASICS 7 CONTENTS IN DETAIL FOREWORD by HD Moore xiii PREFACE xvii ACKNOWLEDGMENTS xix Special Thanks... xx INTRODUCTION xxi Why Do A Penetration Test?... xxii Why Metasploit?... xxii A Brief History of Metasploit...

More information

Modern Realities of Securing Active Directory & the Need for AI

Modern Realities of Securing Active Directory & the Need for AI Modern Realities of Securing Active Directory & the Need for AI Our Mission: Hacking Anything to Secure Everything 7 Feb 2019 Presenters: Dustin Heywood (EvilMog), Senior Managing Consultant, X-Force Red

More information

Install and Configure Active Directory Domain Services

Install and Configure Active Directory Domain Services Active Directory 101 Install and Configure Active Directory Domain Services Sander Berkouwer CTO at SCCT 10-fold Microsoft MVP Active Directory aficionado Daniel Goater Systems Engineer Netwrix Active

More information

RastaLabs Red Team Simulation Lab

RastaLabs Red Team Simulation Lab RastaLabs Red Team Simulation Lab LAB OUTLINE Description RastaLabs is a virtual Red Team Simulation environment, designed to be attacked as a means of learning and honing your engagement skills. The focus

More information

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Cyber Security Services Security Testing - a requirement for a secure business ISACA DAY in SOFIA Agenda No Agenda Some minimum theory More real

More information

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51 Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual

More information

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test Tyler Rasmussen Mercer Engineer Research Center About Me Cybersecurity Engineering Intern @ MERC Senior IT/Cybersecurity

More information

Securing Active Directory Administration

Securing Active Directory Administration Securing Active Directory Administration April 18, 2019 Sponsored by @BlackHatEvents / #BlackHatWebcasts Agenda On-Prem AD vs Azure AD Evolution of Administration Exploiting Typical Administration Methods

More information

Security Fundamentals for your Privileged Account Security Deployment

Security Fundamentals for your Privileged Account Security Deployment Security Fundamentals for your Privileged Account Security Deployment February 2016 Copyright 1999-2016 CyberArk Software Ltd. All rights reserved. CAVSEC-PASSF-0216 Compromising privileged accounts is

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

A (sample) computerized system for publishing the daily currency exchange rates

A (sample) computerized system for publishing the daily currency exchange rates A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency

More information

Netwrix Virtual. Customer Summit 2016

Netwrix Virtual. Customer Summit 2016 Netwrix Virtual Customer Summit 2016 Welcome Michael Fimin Chief Executive Officer Phone: 1.949.407.5125 x1057 Email: Michael.Fimin@netwrix.com linkedin.com/in/michaelfimin Agenda Michael Fimin Chief Executive

More information

Netwrix Auditor for SQL Server

Netwrix Auditor for SQL Server Netwrix Auditor for SQL Server Quick-Start Guide Version: 9.5 10/25/2017 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from

More information

MigrationWiz Security Overview

MigrationWiz Security Overview MigrationWiz Security Overview Table of Contents Introduction... 2 Overview... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Data Security and Handling... 4 Database

More information

CS 356 Operating System Security. Fall 2013

CS 356 Operating System Security. Fall 2013 CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database

More information

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) COURSE OVERVIEW: The most effective cybersecurity professionals are able to predict attacks before they happen. Training in Ethical Hacking provides professionals with the

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Azure Active Directory 3 rd Party IaaS IaaS Rights Management Services

More information

Solutions Business Manager Web Application Security Assessment

Solutions Business Manager Web Application Security Assessment White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security

More information

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This

More information

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros

More information

Critical Hygiene for Preventing Major Breaches

Critical Hygiene for Preventing Major Breaches SESSION ID: CXO-F02 Critical Hygiene for Preventing Major Breaches Jonathan Trull Microsoft Enterprise Cybersecurity Group @jonathantrull Tony Sager Center for Internet Security @CISecurity Mark Simos

More information

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand

More information

Curso: Ethical Hacking and Countermeasures

Curso: Ethical Hacking and Countermeasures Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security

More information

Identity & Access Management

Identity & Access Management Identity & Access Management THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY WITHOUT COMPROMISING SECURITY? S E C U R I T Y OR P R O D U C T I V I T Y On-premises THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model

More information

A Process is No One: Hunting for Token Manipulation. Jared Atkinson & Robby Winchester

A Process is No One: Hunting for Token Manipulation. Jared Atkinson & Robby Winchester Jared Atkinson Robert Winchester A Process is No One: Hunting for Token Manipulation Jared Atkinson & Robby Winchester @jaredcatkinson Adversary Detection Technical Lead @ SpecterOps Developer: PowerForensics

More information

How to Ensure Continuous Compliance?

How to Ensure Continuous Compliance? How to Ensure Continuous Compliance? Episode I: HIPAA Compliance 101 Speaker: Danny Murphy Sr. Sales Engineer, Netwrix Corporation Danny.Murphy@netwrix.com +44 (0) 203 588 3023 ext 2202 Agenda Compliance

More information

ForeScout Extended Module for Carbon Black

ForeScout Extended Module for Carbon Black ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent

More information

Managing an Active Incident Response Case. Paul Underwood, COO

Managing an Active Incident Response Case. Paul Underwood, COO Managing an Active Incident Response Case Paul Underwood, COO 2 About Us Paul Underwood - COO Emagined Security is a leading professional services firm for Information Security, Privacy & Compliance solutions.

More information

Cyber security tips and self-assessment for business

Cyber security tips and self-assessment for business Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this

More information

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing

More information

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Transforming Security from Defense in Depth to Comprehensive Security Assurance Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager

7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager 7 Steps to Complete Privileged Account Management September 5, 2017 Fabricio Simao Country Manager AGENDA Implications of less mature privileged account management What does a more mature approach look

More information

NETWORK THREATS DEMAN

NETWORK THREATS DEMAN SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments

More information

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment

More information

AppSpider Enterprise. Getting Started Guide

AppSpider Enterprise. Getting Started Guide AppSpider Enterprise Getting Started Guide Contents Contents 2 About AppSpider Enterprise 4 Getting Started (System Administrator) 5 Login 5 Client 6 Add Client 7 Cloud Engines 8 Scanner Groups 8 Account

More information

PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY

PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY PAGE 2 IN CEE PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY MAR 2017 IGOR SHASTITKO About Consalta Every business deserves an opportunity to grow! We

More information

CIS Top 20 #5. Controlled Use of Administrative Privileges

CIS Top 20 #5. Controlled Use of Administrative Privileges CIS Top 20 #5 Controlled Use of Administrative Privileges CIS CSC #5: Controlled use of administrative privileges What is a privileged Account? Why are they Dangerous? What can we do about it? How

More information

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com KASPERSKY FRAUD PREVENTION 1. Ways of Attacking Online Banking The prime motive behind cybercrime is making money and today s sophisticated criminal

More information

IBM SmartCloud Notes Security

IBM SmartCloud Notes Security IBM Software White Paper September 2014 IBM SmartCloud Notes Security 2 IBM SmartCloud Notes Security Contents 3 Introduction 3 Service Access 4 People, Processes, and Compliance 5 Service Security IBM

More information

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:

More information

Understanding Cisco Cybersecurity Fundamentals

Understanding Cisco Cybersecurity Fundamentals 210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco

More information

Understanding Perimeter Security

Understanding Perimeter Security Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving

More information

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking

More information

2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016

2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016 2016 Tri-State CF Partnership Webinar Series Cyber Crime Trends a State of the Union April 7, 2016 Presenter Mark Eich, Principal Information Security Services Group CliftonLarsonAllen 2014 CliftonLarsonAllen

More information

Future Forests: Realistic Strategies for AD Security & Red Forest Architecture

Future Forests: Realistic Strategies for AD Security & Red Forest Architecture SESSION ID: STR-R02 Future Forests: Realistic Strategies for AD Security & Red Forest Architecture Katie Knowles Security Consultant MWR InfoSecurity @_sigil Introduction: Why AD Matters How AD is Targeted

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security No part of this publication, in whole or in part, may

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

CIS Controls Measures and Metrics for Version 7

CIS Controls Measures and Metrics for Version 7 Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update

More information

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

A Measurement Companion to the CIS Critical Security Controls (Version 6) October A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS

More information

CIS Controls Measures and Metrics for Version 7

CIS Controls Measures and Metrics for Version 7 Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information

More information

Computers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady

Computers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady Computers Gone Rogue Abusing Computer Accounts to Gain Control in an Active Directory Environment Marina Simakov & Itai Grady Motivation Credentials are a high value target for attackers No need for 0-day

More information

MODERN DESKTOP SECURITY

MODERN DESKTOP SECURITY MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M

More information

Audience. Pre-Requisites

Audience. Pre-Requisites T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

Chapter 9. Firewalls

Chapter 9. Firewalls Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however

More information

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information

This course comes with a virtual lab environment where you can practice what you learn.

This course comes with a virtual lab environment where you can practice what you learn. INF220x Security Practical Exercises Overview This course comes with a virtual lab environment where you can practice what you learn. In most cases, the userid is Adatum\Administrator and the password

More information

Deploy and Configure Microsoft LAPS. Step by step guide and useful tips

Deploy and Configure Microsoft LAPS. Step by step guide and useful tips Deploy and Configure Microsoft LAPS Step by step guide and useful tips 2 Table of Contents Challenges today... 3 What is LAPS... 4 Emphasis and Tips... 5 How LAPS Work... 6 Components... 6 Prepare, Deploy

More information

Premediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C.

Premediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C. Premediation The Art of Proactive Remediation Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C. Overview Case Study Remediation Overview Premediation

More information

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

Application Security through a Hacker s Eyes James Walden Northern Kentucky University Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways

More information

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified

More information

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

ETHICAL HACKING & COMPUTER FORENSIC SECURITY ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,

More information

Windows Server Security Guide

Windows Server Security Guide Windows Server Security Guide August 2017 Contents Windows Server 2016 Security Guide... 3 Why is Windows Server 2016 security important?... 3 How does Windows Server 2016 help prevent and detect compromise?...

More information