Windows Credentials: Attacks, Mitigations & Defense

  • Friday, October 27th, 2017 at 1:00 PM EDT (17:00:00 UTC)
  • Chad Tilbury
This webcast has been archived.

Overview

Windows credentials are arguably the largest vulnerability affecting the modern enterprise. Credential harvesting is goal number one post-exploitation, and hence it provides an appealing funnel point for identifying attacks early in the kill chain. Unfortunately, credentials are diverse and numerous in Windows, and so are the attacks. With significant credential theft mitigations released in Win8.1, Win10 and Server 2012/2016, both red and blue teams require an enhanced understanding of Windows credentials. Red teamers may suddenly find their favorite techniques obsolete, while the blue team needs to take advantage of available mitigation techniques as soon as possible. Credential types, attack tools, and mitigation will all be discussed, giving insight into both sides of the equation. 

Speaker Bio

Chad Tilbury

Chad has over 20 years of experience working with government agencies, defense contractors, and Fortune 500 companies. He served as a Special Agent with the Air Force Office of Special Investigations, where he investigated and conducted computer forensics for a variety of crimes, including murder, abduction, espionage, fraud, hacking, intellectual property theft, child exploitation, terrorism, and computer intrusions. He has led international forensic teams, built forensic departments, and spent over eight years as an incident response consultant and technical director with Mandiant and CrowdStrike. Here at SANS, Chad is a senior instructor and co-author for two six-day courses: FOR500: Windows Forensic Analysis, which focuses on the core skills required to become a certified forensic practitioner, and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics, which teaches sophisticated computer intrusion analysis and advanced threat hunting techniques.
