Deploying PAWs as Part of a Strategy to Limit Credential Theft and Lateral Movement - Bill V Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Deploying PAWs as Part of a Strategy to Limit Credential Theft and Lateral Movement
Bill V
Derbycon 2016

Bruce Schneier sums up credential theft much better than I can. He said the following in a blog post earlier this year: "The most common way hackers of all stripes, from criminals to hacktivists to foreign governments, break into networks is by stealing and using a valid credential. Rob Joyce, the head of the NSA's Tailored Access Operations (TAO) group -- basically the country's chief hacker -- gave a rare public talk at a conference in January. In essence, he said that zero-day vulnerabilities are overrated, and credential stealing is how he gets into networks. Stealing a valid credential and using it to access a network is easier, less risky, and ultimately more productive than using an existing vulnerability, even a zero-day."

Privileged Access Workstations (PAWs) are hardened admin workstations implemented to protect privileged accounts. In this talk I will discuss my lessons learned while deploying PAWs in the real world as well as other techniques I've used to limit exposure to credential theft and lateral movement. I hope to show fellow blue teamers these types of controls are feasible to implement, even in small environments.

My name is Bill V. I'm passionate about security and I head up everything IT at an SMB in the financial industry. One of my favorite things about being a blue teamer is implementing an effective control network-wide and users not even noticing. I enjoy learning new offensive techniques, testing them out on my network, and building defenses and detection mechanisms around them.

Bill V - @blueteamer
