On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture.
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_GroupPoliciesThatKillKillChains.pdf
0:45 Introducing what a kill chain is and general background you need for this webcast
15:53 Getting into group policies, best practices, group policies that we’re not covering today but you should be doing already
20:56 Local admin controls, honey accounts, LAPS, making a policy for admin groups
27:02 Addressing LLMNR, SMB signing, configuring host firewalls
33:43 Limiting and restricting logons, configuring your web proxies/WPAD, logging your network and alerts
42:46 Kerberos ticket operations, catching Powershell and CMD, utilizing Sysmon
Jordan and Kent are back again!
On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. The GPOs will specifically focus on things that make attacker’s lives difficult and assist in shutting down the kill chain.
Windows Auditing, Logging, Event Forwarding? Yes.
Destroy LanMan? Killing LLMNR? Extending the AD schema for longer minimum password length?
Yes. Yes. Yes.
Limiting admin network logons? Yes.
LAPS? Sure, why not?
Much much more.
Plus additional commentary on striking a balance between user convenience and practical security.
These are the Group Policies that trip us up on every pentest in some fashion or another. Combining these configurations creates a baseline security that stops attackers in their tracks and causes them to move on to an easier victim.
Join us for another feast at the smorgasbord of Windows configuration options and let us help you narrow your sysadmin focus for maximum results with minimal effort.
We had a ton of great questions asked during the webcast and many people asked us to make them available. So, here is a downloadable PDF of all the Questions & Answers.