Ing. Ondřej Ševeček | GOPAS a.s. | MCSM:Directory | MVP:Enterprise Security | CEH:Certified Ethical Hacker | CHFI:Computer Hacking Forensic Investigator.

Slides:



Advertisements
Similar presentations
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Advertisements

Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
Lecture 23 Internet Authentication Applications
Chapter 13 Securing Windows Server 2008
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
Chapter 7 HARDENING SERVERS.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Kerberos Underworld Ondrej Sevecek | MCM: Directory | MVP: Security |
Ing. Ondřej Ševeček MCSM:Directory | MVP:Enterprise Security | Certified Ethical Hacker | MCSE:SharePoint | Smart card.
11 CERTIFICATE SERVICES AND SECURE AUTHENTICATION Chapter 10.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
November 2009 Secure Data Transmission May 2014 What are Secure Methods of Transmission? Encrypted Services Encrypted Memory Sticks Fax Secure.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | Certified Ethical Hacker | |
Network and Active Directory Performance Monitoring and Troubleshooting NETW4008 Lecture 8.
Troubleshoot Access, Authentication, and User Account Control Issues Lesson 8.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Week #7 Objectives: Secure Windows 7 Desktop
Bezpečnost Windows pro pokročilé: uživatelské účty GOPAS: | | Ing. Ondřej Ševeček | GOPAS a.s. |
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
What would a real hacker do to your AD GOPAS: | | Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
Troubleshooting Windows Vista Security Chapter 4.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
SMS 2003 Deployment and Managing Windows Security Rafal Otto Internet Services Group Department of Information Technology CERN 26 May 2016.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Passwords Everywhere GOPAS: | | Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP:
INFSO-RI Enabling Grids for E-sciencE Getting Started Guy Warner NeSC Training Team Induction to Grid Computing and the National.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
What is new in security in Windows 2012 or Dynamic Access Control Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
Module 9: Fundamentals of Securing Network Communication.
Craig A. Brown Practice Leader – Microsoft Global Knowledge MCT, Since 1996 MCSA/MCSE NT/2000/2003 MCDST MCITP: ES / CS.
King Mongkut’s University of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv 6. Public Key Infrastructure Prof. R. Aviv,
System Hacking Active System Intrusion. Aspects of System Hacking System password guessing Password cracking Key loggers Eavesdropping Sniffers Man in.
Ing. Ondřej Ševeček | | | MCM:Directory | MVP:Security | MCSE:Windows2012 | MCSE:SharePoint | MCT | Certified Ethical.
Bezpečnost Windows pro pokročilé: přístup do sítě GOPAS: | | Ing. Ondřej Ševeček | GOPAS a.s. | MCM:Directory.
Module 9: Designing Public Key Infrastructure in Windows Server 2008.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
Designing Secure SharePoint External Access Ondrej Sevecek | MCM: Directory | MVP: Security |
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | CEH | | |
Single Sign-On across Web Services Ernest Artiaga CERN - OpenLab Security Workshop – April 2004.
Bezpečnost Windows pro pokročilé: zajímavosti a UAC GOPAS: | | Ing. Ondřej Ševeček | GOPAS a.s. |
Ing. Ondřej Ševeček MCSM:Directory | MVP:Enterprise Security | Certified Ethical Hacker | MCSE:SharePoint | Event Filtering.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Creating and Managing Digital Certificates Chapter Eleven.
Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.
Web Services Security Patterns Alex Mackman CM Group Ltd
Bezpečnost Windows pro pokročilé: protokoly a sledování přihlášení GOPAS: | | Ing. Ondřej Ševeček.
Ing. Ondřej Ševeček MCSM:Directory | MVP:Enterprise Security | Certified Ethical Hacker | MCSE:SharePoint | Passwords.
Ondrej Sevecek | GOPAS a.s. MCSM:Directory Services | MVP:Enteprise Security | CISA | CEH | CHFI | facebook: ondrej.sevecek.official.
Implementing SSTP VPN and 802.1x with RADIUS on Windows 2012 Ing. Ondřej Ševeček | Product Manager Windows Server | GOPAS a.s. MCM: Directory | MVP: Security.
Ondrej Sevecek | GOPAS a.s. MCSM:Directory Services | MVP:Enteprise Security | CISA | CEH | CHFI | Enterprise certification.
Ing. Ondrej Sevecek MCSM:Directory2012 | MVP:Security | CEH | MCSE:Windows2012 | What would a real hacker do to your AD.
What is new in security in Windows 2012 or Dynamic Access Control
Passwords Everywhere Ing. Ondřej Ševeček | GOPAS a.s. |
Tactic 4: Defend Your Domain Controllers
SharePoint and IIS core integration
Network Security – Kerberos
Lecture 4 - Cryptography
Install AD Certificate Services
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
GOPAS TechEd 2012 Kerberos Delegation
Presentation transcript:

Ing. Ondřej Ševeček | GOPAS a.s. | MCSM:Directory | MVP:Enterprise Security | CEH:Certified Ethical Hacker | CHFI:Computer Hacking Forensic Investigator | | | Infrastructure (in)security

Agenda  Where antimalware fails?  Where admin fails!

Custom code  Antimalware detects only well-known code signatures –heuristics?  PowerShell, C#, ASP, …  Take a look at this…

Limited user  Hardware keylogger *  Software keylogger * –  Never type sensitive passwords on insecure machines

What to do with a password?  Try if any other account does not have the same password * –  Never use the same password twice

UAC will keep me secure  No –  It works only locally –code started manually *  Do not work under sensitive accounts  Use personal limited accounts

That guys are local admins!  Hack local admin * –system partition unencrypted –  Any workstation is compromised  Encrypt system with BitLocker and TPM –users must not know the password

UAC will keep me secure  No  It works only locally –code injected through "autorun" *  Do not work under sensitive accounts on insecure machines

Audit tools?  Antimalware?  Autoruns? –does not verify PowerShell code * –trusts in what you yourself trust * –  Every tool can be fooled

Web servers  Third party suppliers  Local limited admins –impersonation * –basic delegation * –Kerberos delegation *  Never access applications with privileged accounts

RDP is plain-text authentication  Unfortunately –passwords can be extracted from LSASS memory * –  Use MMC, RPC, DCOM, WMI, C$, Admin$, REGEDIT or SCCM Remote Tools instead –authenticates with Kerberos

LSASS extraction made nice  Just let the admin access your web site –passwords can be extracted from LSASS memory *  Again, never access applications with privileged accounts

Stolen CA  NTAuth CAs issue logon certificates independently from DCs –never appears on CRL *  Do not let them take your CA

Thank you!  and also come to GOPAS: –GOC169 - Auditing ISO/IEC and –GOC171 - Active Directory Troubleshooting –GOC172 - Kerberos Troubleshooting –GOC173 - Enterprise Cryptography and PKI –GOC175 - Advanced Windows Security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.