AD: Be protected against “Pass the Hash” attacks

Resources materials:

AD Security:

Preventing mimikatz attacks: https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5

https://adsecurity.org/?p=1684

https://digital-forensics.sans.org/blog/2013/06/20/overview-of-microsofts-best-practices-for-securing-active-directory

Mimikatz and Active Directory Kerberos Attacks:

https://adsecurity.org/?p=556

https://www.nsa.gov/ia/_files/app/Reducing_the_Effectiveness_of_Pass-the-Hash.pdf

https://www.nsa.gov/ia/_files/app/Spotting_the_Adversary_with_Windows_Event_Log_Monitoring.pdf

http://www.gentilkiwi.com/mimikatz    /   http://blog.gentilkiwi.com/

Scripts:

https://github.com/iadgov/Pass-the-Hash-Guidance
https://github.com/iadgov/Event-Forwarding-Guidance

Domain lockdown: https://github.com/curi0usJack/activedirectory

Microsoft resources:

http://www.microsoft.com/pth

http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf

http://blogs.technet.com/b/security/archive/2014/07/08/new-strategies-and-features-to-help-organizations-better-protect-against-pass-the-hash-attacks.aspx

 

Pass the Hash – isolation technique:

passTheHash

Implementing Tier-zones model on Active Directory:

https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material

Mitigate Credential theft with Administrative Tier Model

 

 

 

 

Published by jdalbera

IT Pro: 25 years experience for large companies - Technical manager and solution architect: Directory services and Identity Management, Azure AD, Office 365, Azure infrastructures, Microsoft AD Security (ADDS,ADFS,ADCS), PowerShell, Quest solutions architect. Operating systems (Win/Lin). Unix and Microsoft interoperability. Data center Operations. Company integrations. Network architectures. Virtualization and storage infrastructures. HP/Dell servers deployments. Certifications: MCSE, MCPs, MCITS, ITIL, VCP, CCNA, CyberArk

%d bloggers like this: