Break Me - Credential Assessment Mapping Privilege Escalation at Scale - Matt Weeks
Offered By: YouTube
Course Description
Overview
Explore credential assessment mapping and privilege escalation at scale in this 56-minute conference talk from Derbycon 2015. Delve into major breaches like Target and Sands Casino, examining critical flaws and missed alarms. Investigate the IT industry's focus on credential theft and Windows password storage. Learn about defensive strategies, including authentication policies and preventing privilege escalation. Gain insights into offensive options and the importance of credential management. Witness a demonstration and understand why certain security measures fail. Discover how to extract hashes, use double hashes, and implement effective authentication policies to enhance your organization's security posture.
Syllabus
Introduction
Motivation
Major Breaches
Target Breach
Critical Flaw
Missed Alarms
The Biggest Issue
US Senate Report
Summary
Sands Casino
How it happened
No alerts missed
Industry response
Credential theft
IT industry focus
Windows password storage
Minicats
Boring Alternatives
Defending Against This
Hand Diagram
Credentials
Extracting hashes
Using double hashes
A funny Facebook video
Why did this fail
Force Guest
Authentication
Remote Desktop
Demo
Prevent Privilege Escalation
Authentication Policies
Offensive Options
Pay attention to credentials
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube