Why You Need to Detect More Than Pass-the-Hash

Explore the critical importance of detecting more than just Pass-the-Hash attacks in this 29-minute Black Hat conference talk. Delve into the world of compromised credentials, understanding why they remain a persistent threat in cybersecurity. Learn systematic approaches to prevent credential abuse and discover more efficient detection techniques beyond traditional IoCs. Gain insights from security experts Matt Hathaway and Jeff Myers as they break down the attacker's mindset, discuss various entry points, and demonstrate practical examples using tools like Metasploit. Understand the significance of centralized logging and event analysis in identifying and mitigating credential-based threats across domains.

Intro
Who are we
Agenda
Primer
Pass a Hash
Attacker Mindset
Credentials
One Entry Point
Expanding
How to Detect
Centralized Logging
Event Logs
Example
A logon
Metasploit
Domain Domain User
Conclusion
Questions