Pwn the Pentester - Easy Ways to Defend and Harden Your Network
Vložit
- čas přidán 13. 09. 2024
- Attackers and pentesters continue to be super effective at abusing our internal networks for fun and profit. But with a little time and some free tools, we can harden our environment and eliminate a lot of this “low hanging hacker fruit” that attackers love to abuse. Wouldn’t you love to see someone else sweat a little bit during your next pentest?
The reality is that on most penetration tests, there’s a list of 5-10 tools and techniques that will almost always yield an “easy win.” The good news for us is that many of these attacks have easy and free mitigations - but few organizations take the time to learn and apply them! In this session, Brian Johnson from 7 Minute Security will discuss many of these popular network defense strategies, including:
* Preventing your Active Directory users from picking over 500 million bad passwords
* Turning your logging “up to 11” to find signs of network compromise
* Disabling insecure network protocols
* Enabling SMB signing
* Installing the Microsoft Local Administrator Password Solution (LAPS)
These defenses will be shown live in a lab network, and supplemental documentation will be made available so attendees can apply what they’ve learned when they get back to the office.
