Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oh no! My W1nd0ws S3rv3r 1s H@ck3d Vladimir Stefanović Oh no! My W1nd0ws S3rv3r 1s H@ck3d.

Published byVictor Ange Perrot Modified over 5 years ago

Similar presentations

Presentation on theme: "Oh no! My W1nd0ws S3rv3r 1s H@ck3d Vladimir Stefanović Oh no! My W1nd0ws S3rv3r 1s H@ck3d."— Presentation transcript:

1 Oh no! My W1nd0ws S3rv3r 1s H@ck3d
Vladimir Stefanović Oh no! My W1nd0ws S3rv3r 1s

2

3 Who am I Vladimir Stefanović System Engineer @Superadmins
Techical MCSA, MCSE, MCT, IAMCT Regional Lead, Speaker

4 (Un)Fortunately, this session is based on true story ...

5 Approach and attack vector
Traditional I’m not a target Attack can come only from outside Modern Protect Detect Respond Threats Compromise accounts Exploit vulnerabilities Phishing attacks Malware Motives for attack Profit - Ransoming data Destroying infrastructure

6 Statistics 2017 - Attack motives

7 Statistics 2017 - After attack plans & budget

8 Can we harden Windows infrastructure, and how?

9 How ??? Configuring user rights (GPO, Permissions...)
Configuring access (JEA, NTFS, MFA, LAPS...) Policy implementation Log analytics NIDS / NIPS Oldie-Goldie principles ... and ...

10 User (admin) Education

11 Configuring user rights

12 Policies - Password

13 Policies - Kerberos

14 JEA - Just Enough Administration
JEA provides RBAC on Windows PowerShell remoting The endpoint limits the user to use predefined PowerShell cmdlets, parameters, and parameter values Actions are performed by using a special machine local virtual account Native support in Windows Server 2016 and Windows 10 Supported on other OS with installed WMF 5+

15 JEA - Disadvantages Not suitable for troubleshooting tasks
Setup requires understanding precisely which cmdlets, parameters, aliases, and values are needed to perform specific tasks JEA works only with Windows PowerShell sessions User must be familiar with PowerShell

16 JEA - Configuring Create role-capability file(s)
Configure visible cmdlets Configure visible functions Configure visible external commands Create session-configuration file(s) Configure role defitinions Creating JEA endpoint / Register session-configuration file(s) Connect to JEA endpoint with ComputerName and Configuration name parameters

17 JEA - Demo

18 We must not forget a.k.a. Oldie Goldie

19 Oldie goldie System patching Backup & Backup testing
Password & Kerberos policy Disable SMBv1 (be careful, sensitive task) Disable NTLM (be careful) Least privilege Separated admin account ...

20 Q & A

21

Download ppt "Oh no! My W1nd0ws S3rv3r 1s H@ck3d Vladimir Stefanović Oh no! My W1nd0ws S3rv3r 1s H@ck3d."

Similar presentations

Computer Security: Principles and Practice

Computer Security: Principles and Practice
4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.

SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.
ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker.

ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.
Chapter 2 Accessing Your System and the Common Desktop Environment.

Chapter 2 Accessing Your System and the Common Desktop Environment.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Working with Workgroups and Domains

Working with Workgroups and Domains
Securing Windows Servers Using Group Policy Objects

Securing Windows Servers Using Group Policy Objects
PowerShell Desired State Configuration for Securing Systems Jeffrey Snover Distinguished Engineer (MSFT) Hemant Mahawar Senior Program Manager (MSFT) #devconnections.

PowerShell Desired State Configuration for Securing Systems Jeffrey Snover Distinguished Engineer (MSFT) Hemant Mahawar Senior Program Manager (MSFT) #devconnections.
Appendix A Starting Out with Windows PowerShell™ 2.0.

Appendix A Starting Out with Windows PowerShell™ 2.0.
Lesson 17-Windows 2000/Windows 2003 Server Security Issues.

Lesson 17-Windows 2000/Windows 2003 Server Security Issues.
Chapter 12 Operating System Security Strategies The 2010 Australian Signals Directorate (ASD) lists the “Top 35 Mitigation Strategies” Over 85% of.

Chapter 12 Operating System Security Strategies The 2010 Australian Signals Directorate (ASD) lists the “Top 35 Mitigation Strategies” Over 85% of.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Labs. Lab Session 1: Administering Windows Server 2008 Exercise 1: Install the DNS Server Role Exercise 2: Configuring Remote Desktop for Administration.

Labs. Lab Session 1: Administering Windows Server 2008 Exercise 1: Install the DNS Server Role Exercise 2: Configuring Remote Desktop for Administration.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.

Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
Small Business Security Keith Slagle April 24, 2007.

Small Business Security Keith Slagle April 24, 2007.
ITS – Identity Services ONEForest Security Jake DeSantis Keith Brautigam

ITS – Identity Services ONEForest Security Jake DeSantis Keith Brautigam

Similar presentations

Ads by Google