Credential theft attacks can be described as a technique in which account logon credentials are captured from a compromised computer, and then used to authenticate to other systems on the network. Attack techniques which fall in the categories of "Credential Theft" or "Credential Reuse" have grown in the last few years into one of the biggest threats to Microsoft Windows environments.
In recent months, this development has been driven by the significant improvement and wide distribution of attack tools such as mimikatz and Windows Credential Editor. With these tools, attacks that were once theoretical have become practical in real-world scenarios. Once an attacker gains an initial foothold on a single system in the environment, it often takes less than 48 hours until the entire Active Directory infrastructure is compromised.
But how can such a threat be handled?
In this intensive two-day seminar we will present various technical and organizational measures to protect both individual critical Microsoft Windows systems and the entire Active Directory. The goals are to prevent credential theft in the first place, and also to protect against and detect unauthorized use of stolen credentials as early as possible.
Introduction
Credential Theft & Reuse Attacks
Practical Exercises for All Mentioned Attack Techniques
Detailed Examination of Relevant Measures to Reduce Risks
Technical Measures
Active Directory Monitoring
Practical Exercise to Create an Advanced Audit Policy
Friedwart Kuhn is a renowned expert in Active Directory security and has performed a huge number of projects both in the concept and design space and in the pentesting and incident analysis field.
Heinrich Wiederkehr is a Security Consultant at ERNW and part of the Microsoft security team. He focuses on research, conception and assessment in various areas of Windows-based environments. Apart from security trainings, his work concentrates on audits and pentests of large-scale enterprise networks with emphasis on Active Directory. A wide variety of projects for different customers give him a solid awareness of the practical realities and an eye for essentials. Heinrich holds a Bachelor's degree in Corporate & IT Security from the University of Applied Sciences Offenburg.