Derbycon 2016 – Deploying PAWs as Part of a Strategy to Limit Credential Theft and Lateral Movement

Bruce Schneier sums up credential theft much better than I can. He said the following in a blog post earlier this year:

"The most common way hackers of all stripes, from criminals to hacktivists to foreign governments, break into networks is by stealing and using a valid credential. Rob Joyce, the head of the NSA’s Tailored Access Operations (TAO) group — basically the country’s chief hacker — gave a rare public talk at a conference in January. In essence, he said that zero-day vulnerabilities are overrated, and credential stealing is how he gets into networks. Stealing a valid credential and using it to access a network is easier, less risky, and ultimately more productive than using an existing vulnerability, even a zero-day."

Privileged Access Workstations (PAWs) are hardened admin workstations implemented to protect privileged accounts. In this talk I will discuss my lessons learned while deploying PAWs in the real world as well as other techniques I’ve used to limit exposure to credential theft and lateral movement. I hope to show fellow blue teamers that these types of controls are feasible to implement, even in small environments.

My name is Bill V. I’m passionate about security and I head up everything IT at an SMB in the financial industry. One of my favorite things about being a blue teamer is implementing an effective control network-wide and users not even noticing. I enjoy learning new offensive techniques, testing them out on my network, and building defenses and detection mechanisms around them.

Source: SecurityTube.Net @ November 29, 2016 at 09:04PM