
1 7/23/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Hacker Tools to Protect Windows Clients WIN-B327
Erdal Ozkaya Raymond Comvalius

3 Warning! This Presentation Contains Occasional Bad Language & Subject Matter that some May find Disturbing and some information which you should not use in live environments without permissions.

4 Erdal Ozkaya www.ErdalOzkaya.com

5 Raymond Comvalius www.nextxpert.com @NEXTXPERT

6 Improvements that Microsoft has made in the Windows platforms have driven BAD GUYS to new tactics.

7 There are two types of organizations.
Those who realize they’ve been hacked.
Those who haven’t yet realized they’ve been hacked.

8 Moving forward, there will be two types of organizations

9 Those who adapt to the modern threat environment.

10 Those who don’t.

11 Attackers have set their sights on identity theft
and they’re breaking into systems as you!

12 ~75% of users use the same password on every web site
Attackers steal passwords from small online businesses and use the same password to access more interesting accounts.
~75% of users use the same password on every web site (Robert Siciliano, Security Researcher - McAfee).
Attackers know this and exploit the weakness.
[Diagram labels: Banking; Small Online Business]

13 There is a prolific and easily accessible black market that facilitates the buying and selling of identities, credit cards, etc.
Personal information about you can almost certainly be found there!

14

15 Once upon a time… Servers were the main targets, but today this has changed…

16 The new trend: Client Side Attacks
- Web Browsers
- E-mail clients
- Instant messaging
- Streaming multimedia players
- FTP clients
- Web enabled applications and services
- Social engineering
- TBA !!! (zero day)

17 Why are client-side attacks successful?
- Lack of effective defenses
- Misbehavior assuming to be protected
- Assuming to be UP TO DATE
- Lack of common sense or good judgment
- Again Hacked

18 Vulnerabilities that lead to client-side attacks
- User ignorance
- Poor defenses
- Malicious HTTP requests
- Lack of maintenance

19 Demo How are you tricked into this?

20 Implement Defense in Depth

21 Did you know? The most secure environments follow the “least privilege” principle

22 OS Mitigations

23 Privilege escalation
- Elevating standard user to admin requires an exploitable bug
- User Account Control will NOT save you from elevation
- User Account Control is NOT a security boundary

24 IE Protected Mode
- Only Internet Zone by default
- Only with User Account Control enabled
- iexplore.exe runs with Low Integrity Level
- User Interface Privilege Isolation (UIPI)

25

26 The Universal App Modern App
- Sandboxed in AppContainer
- Runs with Restricted Token
- Runs at Low Integrity Level
- Can only access its own folder in: %programfiles%\WindowsApps
- Capabilities defined by the developer
- Helper Processes can do some common tasks

27 IE Enhanced Protected Mode
Default for Desktop Internet Explorer
- 32-bits content process default
- Low Mandatory Label
- No AppContainer restrictions
Default for Modern UI Internet Explorer
- 64-bits content process default
- Runs in AppContainer in Windows 8 and higher

28 Additional Mitigations

29 Antivirus
- This was once effective
- Still recognizes the usual suspects
- Easy to bypass?
“Symantec's senior vice president for information security estimates antivirus now catches just 45% of cyberattacks.” The Wall Street Journal, May 4, 2014

30 Enhanced Mitigation Experience Toolkit (EMET)
- Harden legacy applications
- Verifying SSL certificates trust
- Utilizes the Application Compatibility Framework
- Test before you apply EMET!

31 Demo Protecting Legacy Applications with EMET

32 Pass the Hash and Pass the Token

33 Pass The Hash and Pass The Token
- Steal credentials from memory without the password
- Use Bing and you can do it too (on Windows 7)

34 Mitigating Pass the Hash or Pass the Token
“Old” Mitigations
- Don’t get hacked :)
- Don’t log on with elevated accounts
- Restrict connectivity
- Force a reboot after logging on with an elevated account
- Never lose sight of your Domain Controllers

35 Demo Pass the Hash Pass the Token

36 Mitigating Pass the Hash or Pass the Token
New Mitigations in Windows 8.1 and Server 2012 R2
- Strengthened LSASS
- Less credentials in memory
- Methods to restrict network access for local accounts
- RDP Restricted Admin Mode
- Protected Users group in Active Directory
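
A read-only check of the settings behind these mitigations, as an added example that is not from the presentation. The mapping of each slide bullet to a registry value, user right or group (RunAsPPL, UseLogonCredential, DisableRestrictedAdmin, the local-account SIDs, and the English group name Domain Admins) is this example's assumption.

```powershell
# Added example: read-only audit of the Windows 8.1 / Server 2012 R2 mitigations named on
# the slide. Run elevated. Mapping each bullet to a setting is this example's assumption.
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}
function New-Result($Check, $Value, $Ok) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Ok = [bool]$Ok }
}
$lsa     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$wdigest = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$results = @()

# Strengthened LSASS: LSA runs as a protected process when RunAsPPL is set
$ppl = Get-RegValue $lsa 'RunAsPPL'
$results += New-Result 'LSA protection (RunAsPPL)' $ppl ($ppl -ge 1)

# Less credentials in memory: WDigest caches plaintext only when UseLogonCredential = 1
# (absent means off on Windows 8.1 / Server 2012 R2 and later)
$wd = Get-RegValue $wdigest 'UseLogonCredential'
$results += New-Result 'WDigest plaintext caching off' $wd ($wd -ne 1)

# RDP Restricted Admin Mode: an explicit 0 means this host accepts such connections
$ra = Get-RegValue $lsa 'DisableRestrictedAdmin'
$results += New-Result 'Restricted Admin accepted (explicit)' $ra ($ra -eq 0)

# Restrict network access for local accounts: deny-logon rights should contain the
# well-known SIDs S-1-5-113 (Local account) or S-1-5-114 (local account and admin)
$cfg = Join-Path $env:TEMP 'user_rights_audit.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
$rights = Get-Content $cfg
Remove-Item $cfg -ErrorAction SilentlyContinue
foreach ($right in 'SeDenyNetworkLogonRight', 'SeDenyRemoteInteractiveLogonRight') {
    $line = $rights | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
    $results += New-Result "$right covers local accounts" $line ($line -match 'S-1-5-11[34]\b')
}

# Protected Users group: list Domain Admins users that are not members
# (requires the RSAT ActiveDirectory module and a domain-joined host)
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    $protected = @(Get-ADGroupMember -Identity 'Protected Users' | ForEach-Object { $_.SamAccountName })
    $missing = @(Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $_.objectClass -eq 'user' -and $protected -notcontains $_.SamAccountName } |
        ForEach-Object { $_.SamAccountName })
    $results += New-Result 'Domain Admins in Protected Users' ($missing -join ',') ($missing.Count -eq 0)
}
$results | Format-Table -AutoSize
```

A row with Ok = False is a prompt to review that setting against policy; Protected Users in particular changes how member accounts authenticate and should be tested before privileged accounts are added.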

37 Hacker Tools

38 Tools used by Hackers & Security Pros
- Kali (BackTrack) Linux
- Metasploit
- NMAP
- Ophcrack
- Sysinternals
- Mimikatz
For more information check our blogs

39 Demo Hacker Tools summary

40 Summary

41 Your Mitigations
- Don’t use administrative credentials
- Use Modern Apps
- Keep your systems up-to-date
- Keep using AntiVirus (for low hanging fruit)
- Test and implement EMET
- Encrypt your Domain Controllers

42 Windows 8.1 Security Capabilities
- Modern Access Control
- Securing the Sign-In
- Secure Access to Resources
- Malware Resistance
- Securing the Boot
- Securing the Code and Core
- Securing the Desktop
- Protect Sensitive Data
- Securing Device with Encryption
- First Class Biometric Experience
- Multifactor Authentication for BYOD
- Trustworthy Identities and Devices
- Single Sign-On to Service Providers
- Provable PC Health
- Improved Windows Defender
- Improved Internet Explorer
- Improved System Core Hardening
- Pervasive Device Encryption
- Selective Wipe of Corp Data
- Trustworthy Hardware
- UEFI
- Modern Biometric Readers
- TPM

43 Windows Resources
Windows 10: http://aka.ms/trywin10
Stop by the Windows Booth to sign up for the Windows Insider Program to get a FREE Windows 10 T-shirt, while supplies last!
Windows Springboard: windows.com/itpro
Windows Enterprise: windows.com/enterprise
Microsoft Desktop Optimization Package (MDOP): microsoft.com/mdop
Desktop Virtualization (DV): microsoft.com/dv
Windows To Go: microsoft.com/windows/wtg
Internet Explorer TechNet

44 Resources
Sessions on Demand
Learning: Microsoft Certification & Training Resources
TechNet: Resources for IT Professionals
Developer Network

45 Please Complete An Evaluation Form. Your input is important!
TechEd Mobile app: Phone or Tablet, QR code
TechEd Schedule Builder: CommNet station or PC

46 Evaluate this session
