Taking Windows Security to the Next Level with Group Policy

2 Taking Windows Security to the Next Level with Group Policy
Alan Burchill M390

3 Agenda
Pass the Hash (in 5 minutes)
What’s changed with security in Group Policy?
Managing local passwords (the new way)

4 Pass the Hash (PtH)
Why should I care?

5 Pass-the-Hash Technique
[Diagram: Fred’s Laptop, Sue’s Laptop and File Server, each showing the user sessions and password hashes present on it (User: Fred, hash A3D7…; User: Sue, hash C9DF…)]
1 Fred runs malware
2 Malware infects Sue’s laptop as Fred
3 Malware infects File Server as Sue

6 Typical Pass The Hash Attack
Bad guy targets workstations en masse
User running as local admin compromised, bad guy harvests credentials
Bad guy uses credentials for lateral traversal
Bad guy acquires domain admin credentials and associated privileges – privilege escalation
Bad guy has direct or indirect access to read/write/destroy data and systems in the environment
[Diagram tiers: Power: Domain Controllers; Data: Servers and Applications; Access: Users and Workstations]

7 Tier Admin Access
Tier 0 – Domain Admins
Tier 1 – Server Admins
Tier 2 – Workstation Admins
Normal / Mortal Accounts
TechEd 2013 4/25/2019 9:59 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Tier Admin Access

9 Group Policy Preferences Passwords Were Bad

10 What is a cPassword?
Lightly obscured password stored in AD, encrypted using 32bit DES, that is readable by all authenticated users
Decryption key can be found at:

11 Configuring cPasswords via UI is now disabled
MS14-025

12 Why should I care now? Metasploit
“This module enumerates the victim machine's domain controller and connects to it via SMB. It then looks for Group Policy Preference XML files containing local user accounts and passwords and decrypts them using Microsofts public AES key.”
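
An audit for leftover cPassword values, added here as an example and not part of the presentation. MS14-025 stops new cPasswords being configured through the UI but does not remove values already stored in SYSVOL, so existing files still need to be found. The function name `Find-GppCPassword`, the temp-folder layout and the sample XML are constructed for illustration; point `-Path` at your own domain's SYSVOL Policies folder.

```powershell
# Added example: report Group Policy Preferences XML files that still carry a
# cpassword attribute. It lists locations only and never decrypts the value.
function Find-GppCPassword {
    [CmdletBinding()]
    param(
        # Folder to scan, e.g. your domain's SYSVOL Policies folder (assumption)
        [Parameter(Mandatory)][string]$Path
    )
    Get-ChildItem -Path $Path -Recurse -File -Filter *.xml -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try { $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw) }
            catch { Write-Warning "Skipped unparseable XML: $($file.FullName)"; return }
            foreach ($node in $xml.SelectNodes('//*[@cpassword]')) {
                # An empty cpassword="" attribute holds no secret; skip it.
                if ([string]::IsNullOrEmpty($node.GetAttribute('cpassword'))) { continue }
                # The GPO is the {GUID} folder in the file's path.
                $gpo = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { '(unknown)' }
                [pscustomobject]@{
                    Gpo      = $gpo
                    File     = $file.Name
                    # LocalName, because .Name would return a name="" attribute
                    Element  = $node.ParentNode.LocalName
                    Account  = $node.GetAttribute('userName')  # empty if not present
                    FullPath = $file.FullName
                }
            }
        }
}

# Constructed sample tree so the function can be tried offline (placeholder values).
$root = Join-Path ([IO.Path]::GetTempPath()) 'gpp-audit-demo'
$dir  = Join-Path $root 'Policies\{00000000-0000-0000-0000-000000000000}\Machine\Preferences\Groups'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="LocalAdmin" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $dir 'Groups.xml') -Encoding UTF8

Find-GppCPassword -Path $root | Format-Table Gpo, File, Element, Account
Remove-Item -LiteralPath $root -Recurse -Force   # clean up the demo tree
```

Any row returned means a password is still stored in a file that all authenticated users can read: remove that preference item and change the affected account's password.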

13 So how do I manage my local password?
LAPS – Local Admin Password Service

14 LAPS DEMO

15 This is all I have to do, right?
No! “Price of freedom is eternal vigilance”

16 Related Ignite NZ Sessions
1 Azure Consistent Service Delivery Overview, NZ1, Wed 10:00am
2 Server Virtualisation Overview, NZ2, Wed 1:30pm
3 Networking Overview, SKYCITY Theatre, Thu 11:00am
4 Storage Overview, SKYCITY Theatre, Thu 3:30pm
5 Security and Assurance Overview, NZ4, Fri 9:00am
6 What’s New in System Centre for Management, NZ1, Fri 11:00am
Find me later at…
Hub Happy Hour Wed 5:30-6:30pm
Hub Happy Hour Thu 5:30-6:30pm
Closing drinks Fri 3:00-4:30pm

17 Resources
Microsoft Virtual Academy: Free Online Learning
TechNet & MSDN Flash: Subscribe to our fortnightly newsletter
Sessions on Demand
