Webcast: Group Policies That Kill Kill Chains

On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture.

Download slides: https://www.activecountermeasures.com/presentations/

0:45 Introducing what a kill chain is and general background you need for this webcast

15:53 Getting into group policies, best practices, group policies that we’re not covering today but you should be doing already

20:56 Local admin controls, honey accounts, LAPS, making a policy for admin groups

27:02 Addressing LLMNR, SMB signing, configuring host firewalls

33:43 Limiting and restricting logons, configuring your web proxies/WPAD, logging your network and alerts

42:46 Kerberos ticket operations, catching Powershell and CMD, utilizing Sysmon

47:44 Q&A

Jordan and Kent are back again!

On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. The GPOs will specifically focus on things that make attacker’s lives difficult and assist in shutting down the kill chain.

Windows Auditing, Logging, Event Forwarding? Yes.

Sysmon? Yes.

Destroy LanMan? Killing LLMNR? Extending the AD schema for longer minimum password length?

Yes. Yes. Yes.

Limiting admin network logons? Yes.

LAPS? Sure, why not?

ADExplorer? Yes.

Much much more.

Plus additional commentary on striking a balance between user convenience and practical security.

These are the Group Policies that trip us up on every pentest in some fashion or another. Combining these configurations creates a baseline security that stops attackers in their tracks and causes them to move on to an easier victim.

Join us for another feast at the smorgasbord of Windows configuration options and let us help you narrow your sysadmin focus for maximum results with minimal effort.

Q&A:

We had a ton of great questions asked during the webcast and many people asked us to make them available. So, here is a downloadable PDF of all the Questions & Answers.


Wild West Hackin’ Fest – Most Hands-On Infosec Con!

Join us at the new Way West Wild West Hackin’ Fest in San Diego — March 11-13th, 2020. Learn more: https://www.wildwesthackinfest.com/

Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.

Join 1,800 other subscribers

Join 1,800 other subscribers