Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts “Group Policies That Kill Kill Chains” and “Active Directory Best Practices to Frustrate Attackers” have changed their business models for the better.
And since they’ve been offered the BHIS soapbox again, they thought it was time to update this material and combine it.
Security can sometimes move slowly and other times blazingly fast. They’ll discuss what they’ve seen in the past year and how it impacts their view on baseline defensive configurations you shouldn’t be operating without.
At the end of the day, we are in this game to make things difficult for attackers, adversaries, and red teamers. We want to reduce mean time to detection. And we really want to help you make your networks and domains more secure.
So… why not update our favorite webcasts with everything we’ve learned since giving them?
The Kill Chains Material: https://www.blackhillsinfosec.com/webcast-group-policies-that-kill-kill-chains/
How to Frustrate Attackers Material: https://www.blackhillsinfosec.com/webcast-group-policies-that-kill-kill-chains/
00:00 – FEATURE PRESENTATION BEGINS – The Quest for the Kill Chain Killer Continues
02:15 – What Changed in the Last Year?
06:31 – The Kill Chain
07:47 – Active Directory Best Practices to Frustrate Attackers
09:22 – Pre-Reqs
13:31 – Active Directory
16:16 – Organizational Units ^^ Policies
17:47 – Layer Two Protocols
20:53 – Addressing LLMNR (NBNS and WPAD too)
23:04 – Unaddressing of LLMNR
34:34 – Addressing NBNS
35:17 – Addressing WPAD
37:05 – File Shares
39:48 – SMB Signing
41:26 – IPv6
42:17 – LDAP Channel Binding
43:21 – Microsoft Store
44:21 – Too Many GPOs to Cover
45:07 – Dealing with Local Admins
45:51 – Network Logons
47:18 – Managed Service Accounts
48:59 – Application Controls
49:45 – Speaking of Ransomware…
50:48 – Firewalls
52:29 – Canary Accounts
53:19 – Network Analysis
54:45 – Credentials
57:08 – Wrap-Up and Questions