Webcast: The Quest for the Kill Chain Killer Continues

Episode 1 Published 4 years, 6 months ago
Description
Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts “Group Policies That Kill Kill Chains” and “Active Directory Best Practices to Frustrate Attackers” have changed their business models for the better. And since they’ve been offered the BHIS soapbox again, they thought it was time to update this material and combine it.

Security can sometimes move slowly and other times blazingly fast. They’ll discuss what they’ve seen in the past year and how it impacts their view on baseline defensive configurations you shouldn’t be operating without.

At the end of the day, we are in this game to make things difficult for attackers, adversaries, and red teamers. We want to reduce mean time to detection. And we really want to help you make your networks and domains more secure. So… why not update our favorite webcasts with everything we’ve learned since giving them?

Join the BLACK HILLS INFOSEC Discord Server: https://discord.gg/bhis

The Kill Chains Material: https://www.blackhillsinfosec.com/webcast-group-policies-that-kill-kill-chains/

How to Frustrate Attackers Material: https://www.blackhillsinfosec.com/webcast-group-policies-that-kill-kill-chains/

Recorded: 2021-05-13

00:00 – FEATURE PRESENTATION BEGINS – The Quest for the Kill Chain Killer Continues
02:15 – What Changed in the Last Year?
06:31 – The Kill Chain
07:47 – Active Directory Best Practices to Frustrate Attackers
09:22 – Pre-Reqs
13:31 – Active Directory
  • (00:00) - FEATURE PRESENTATION BEGINS - The Quest for the Kill Chain Killer Continues
  • (02:14) - What Changed in the Last Year?
  • (06:26) - The Kill Chain
  • (07:40) - Active Directory Best Practices to Frustrate Attackers
  • (09:13) - Pre-Reqs
  • (13:21) - Active Directory
  • (16:04) - Organizational Units ^^ Policies
  • (17:35) - Layer Two Protocols
  • (20:41) - Addressing LLMNR (NBNS and WPAD too)
  • (22:50) - Unaddressing of LLMNR
  • (34:12) - Addressing NBNS
  • (34:55) - Addressing WPAD
  • (36:41) - File Shares
  • (39:24) - SMB Signing
  • (41:02) - IPv6
  • (41:53) - LDAP Channel Binding
  • (42:57) - Microsoft Store
  • (43:55) - Too Many GPOs to Cover
  • (44:40) - Dealing with Local Admins
  • (45:24) - Network Logons
  • (46:50) - Managed Service Accounts
  • (48:32) - Application Controls
  • (49:18) - Speaking of Ransomware...
  • (50:21) - Firewalls
  • (52:01) - Canary Accounts
  • (52:51) - Network Analysis
  • (54:17) - Credentials
  • (56:40) - Wrap-Up and Questions