Learn cyber security skills you can implement immediately! Seven courses offered Jan. 20-25 in Anaheim, CA


To attend this webcast, login to your SANS Account or create your Account.

Privileged Domain Account Protection: How to Limit Credentials Exposure

  • Tuesday, March 10th, 2015 at 3:00 PM EDT (19:00:00 UTC)
  • Mike Pilkington
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


In most enterprise networks, there are a number of privileged accounts that are used for maintaining the Windows domain, including accounts for domain administration, configuration management, patch management, vulnerability analysis, and incident response. In all of these cases, the accounts have the ability to logon to most, if not all, Windows hosts in the environment. These accounts therefore become high-value targets for attackers.

In order to protect these privileged domain accounts, it is important to have a solid understanding of the various circumstances which expose domain account credentials. In this presentation, I will discuss what you can and cannot do safely with domain accounts. In particular, I will cover attacks against password hashes, security support providers, access tokens, and network authentication protocols. I will then provide a set of recommendations that you can follow to mitigate the risks and protect these privileged domain account credentials in your environment.

Speaker Bio

Mike Pilkington

Mike Pilkington is a Senior Security Consultant for a Fortune 500 company in the oil & gas industry. He has been an IT professional since graduating in 1996 from the University of Texas with a B.S. in Mechanical Engineering. Since joining his company in 1997, he has been involved in software quality assurance, systems administration, network administration, and information security. Outside of his normal work schedule, Mike has also been involved with the SANS Institute as an instructor in the Digital Forensics and Incident Response program.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.