May 13

Webinar Takeaway: The Quest for the Kill Chain Killer Continues


My key takeaways

  • baseline defence must grow
  • centralized logging is required anyway
  • VPNs need MFA too, especially with working from home
  • early installations of the Zoom client on Windows got you a web server running with open RDP
  • JUGLAR = J-User-Global-Universal-DomainLocal-Resource
  • More than 50% of enterprises that BHIS tests still have support for LLMNR and NBNS enabled
    • How to disable LLMNR: Computer Configuration -> Policies -> Admin Templates -> Network -> DNS Client : Turn off multicast name resolution: ENABLED
  • Search your file shares for: password, credentials, *.kdbx
  • SMB signing should be enabled
  • Find local admins at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Security Options -> Accounts*
  • You need a SIEM in place to make use of a canary account
    • Windows Event logs --> SIEM --> Alert
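To check whether the LLMNR, NBNS and SMB-signing points above actually took effect on a host, here is an added audit script (my own example, not from the webinar or BHIS). It assumes the standard registry locations those group policies write to and is meant to be run in an elevated PowerShell session.

```powershell
# Audit the three name-resolution / SMB hardening settings from the takeaways.
# Assumption: the default registry paths for these policies (example code, not webinar material).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # missing key or value means the policy is not configured
}

$findings = @()

# LLMNR: the GPO "Turn off multicast name resolution" = Enabled writes EnableMulticast = 0
$llmnr = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' 'EnableMulticast'
if ($llmnr -ne 0) {
    $findings += [pscustomobject]@{
        Control = 'LLMNR'
        State   = 'enabled (EnableMulticast is not 0)'
        Fix     = 'Computer Configuration -> Policies -> Admin Templates -> Network -> DNS Client -> Turn off multicast name resolution: Enabled'
    }
}

# NBNS (NetBIOS over TCP/IP) is a per-interface setting: NetbiosOptions 2 = disabled
$ifaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
foreach ($iface in (Get-ChildItem $ifaceRoot -ErrorAction SilentlyContinue)) {
    $opt = Get-RegValue $iface.PSPath 'NetbiosOptions'
    if ($opt -ne 2) {
        $findings += [pscustomobject]@{
            Control = "NBNS on $($iface.PSChildName)"
            State   = "enabled (NetbiosOptions = $opt)"
            Fix     = 'Set NetbiosOptions = 2 (disable NetBIOS over TCP/IP) via DHCP option or adapter settings'
        }
    }
}

# SMB signing on the server side: RequireSecuritySignature = 1 makes signing mandatory
$smb = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'RequireSecuritySignature'
if ($smb -ne 1) {
    $findings += [pscustomobject]@{
        Control = 'SMB signing (server)'
        State   = 'not required (RequireSecuritySignature is not 1)'
        Fix     = 'Security Options -> Microsoft network server: Digitally sign communications (always): Enabled'
    }
}

if ($findings.Count -eq 0) { 'LLMNR off, NBNS off on every interface, SMB signing required.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it on a sample of workstations and servers after the GPO refresh; a host that still lists findings has not picked up the policy or has a local override.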

Env

additional links


Tags

active directory, blue team, llmnr, smb

