December 18

Webinar takeaway: Upping Your Defenses and Detections For the Low Low Price of FREEEEE


My key takeaways

  • Almost everybody gets popped; it is a matter of time and resources
  • Even with low budgets, there are a lot of tools that help make it harder for the attackers
  • Doing some OSINT on your own organization might bring up a lot of information that attackers will use
  • Webapp pentesting is basic security
  • The huge databases of breached data out there make a good password policy imperative
  • Phishing is still a very effective attack vector
  • Once popped, detecting the intruder fast has priority
  • Hardening the internal systems makes it harder for an attacker to find valuable assets
  • Blue teams should be familiar with these 3 stages:
    • Low-hanging fruit like
      • SMBv1
      • LLMNR/NBNS
      • DTP
      • Pass-The-Hash
    • Protected Harvests like
      • BloodHound
      • Kerberoasting
      • Command and Control (C2)
      • Living Off the Land Binaries
      • Malicious LNK Files
    • Stealthy Defense
      • Group Policies
  • Kent & Jordan mention multiple free tools to use for almost every aspect



Tags

purple team, tools, webinar takeaway

