Category: Protecting Windows Networks

Protecting Windows Networks – EMET

Memory corruption bugs continue to plague us in all kinds of software – they are often at the core of headline breaches and dangerous zero-day vulnerabilities. Over the years, various mitigation technologies were developed to address this problem, such as EMET – a free suite of protections from Microsoft. What memory bugs? In unsafe languages like […]

Protecting Windows Networks – AppLocker

Application whitelisting is a powerful technology that could protect us from unknown malware, but it never really took off. One of the main reasons for that – it is hard to configure and maintain. Another – there are quite a few known bypass techniques, so it can’t stop determined attackers. Although, there are multiple commercial […]

Protecting Windows Networks – Kerberos Attacks

MEDIA NOTE: This is not a new flaw, just a good write-up! I don’t know why the media is reporting this as a new flaw. Kerberos is an authentication protocol that is used by default in Windows networks and provides mutual authentication and authorization for clients and servers. It does not require you to send a password […]

Protecting Windows Networks – Dealing with credential theft

Credential theft is a huge problem. If you care to look at the Verizon Data Breach reports over the years, you will see that the use of stolen credentials was lingering at the top of the intrusion methods for quite some time. They are also prevalent in APT attacks. And why wouldn’t it be? You don’t need expensive zero days […]

Protecting Windows Networks – Defeating Pass-the-Hash

Pass-the-hash is a popular attack technique for moving laterally inside the network that relies on two components – the NTLM authentication protocol and the ability to gain password hashes. This attack allows you to log in to systems with a stolen hash instead of providing a clear-text password, so there is no need to crack those hashes. […]

Protecting Windows Networks – Local administrative accounts management

There is a common problem in all environments with local administrative accounts, such as the local Administrator account, root accounts or any kind of application-specific built-in admin accounts, set to a common password shared across all systems. It is a tough problem to solve at scale, because as soon as you get more than a […]

Protecting Windows Networks – UAC

In the good old days, users on Windows machines had admin access by default, so malware and hackers didn’t really have to work hard to get the system completely compromised – they really just needed a single vulnerability in any user or system application to get fully privileged access to the system. […]