Windows Credentials: Attacks, Mitigations & Defense

  • Friday, 27 Oct 2017 1:00PM EDT (27 Oct 2017 17:00 UTC)
  • Speaker: Chad Tilbury

Windows credentials are arguably the largest vulnerability affecting the modern enterprise. Credential harvesting is goal number one post-exploitation, and hence it provides an appealing funnel point for identifying attacks early in the kill chain. Unfortunately, credentials are diverse and numerous in Windows, and so are the attacks. With significant credential theft mitigations released in Win8.1, Win10 and Server 2012/2016, both red and blue teams require an enhanced understanding of Windows credentials. Red teamers may suddenly find their favorite techniques obsolete, while the blue team needs to take advantage of available mitigation techniques as soon as possible. Credential types, attack tools, and mitigation will all be discussed, giving insight into both sides of the equation.