Webcast: The Quest for the Kill Chain Killer Continues





Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts: “Group Policies That Kill Kill Chains” and “Active Directory Best Practices to Frustrate Attackers” have changed their business models for the better.

And since they’ve been offered the BHIS soapbox again, they thought it was time to update this material and combine it.

Security can sometimes move slow and other times blazingly fast. They’ll discuss what they’ve seen in the past year and how it impacts their view on baseline defensive configurations you shouldn’t be operating without.

At the end of the day, we are in this game to make things difficult for attackers, adversaries, and red teamers. We want to reduce mean time to detection. And we really want to help you make your networks and domains more secure.

So… why not update our favorite webcasts with everything we’ve learned since giving them?

Join the BLACK HILLS INFOSEC Discord Server — https://discord.gg/bhis

The Kill Chains Material: https://www.blackhillsinfosec.com/webcast-group-policies-that-kill-kill-chains/

How to Frustrate Attackers Material: https://www.blackhillsinfosec.com/webcast-group-policies-that-kill-kill-chains/

Recorded•2021-05-13

00:00 – FEATURE PRESENTATION BEGINS – The Quest for the Kill Chain Killer Continues

02:15 – What Changed in the Last Year?

06:31 – The Kill Chain

07:47 – Active Directory Best Practices to Frustrate Attackers

09:22 – Pre-Reqs

13:31 – Active Directory

16:16 – Organizational Units ^^ Policies

17:47 – Layer Two Protocols

20:53 – Addressing LLMNR (NBNS and WPAD too)

23:04 – Unaddressing of LLMNR

34:34 – Addressing NBNS

35:17 – Addressing WPAD

37:05 – File Shares

39:48 – SMB Signing

41:26 – IPv6

42:17 – LDAP Channel Binding

43:21 – Microsoft Store

44:21 – Too Many GPOs to Cover

45:07 – Dealing with Local Admins

45:51 – Network Logons

47:18 – Managed Service Accounts

48:59 – Application Controls

49:45 – Speaking of Ransomware…

50:48 – Firewalls

52:29 – Canary Accounts

53:19 – Network Analysis

54:45 – Credentials

57:08 – Wrap-Up and Questions


Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment.

https://www.blackhillsinfosec.com/services/cyber-range/