7MS #301: CredDefense

7 Minute Security15 Maalis 2018

7MS #301: CredDefense

Intro

CredDefense is a freakin' sweet tool from the fine folks at Black Hills Information Security that does some really nifty things:

Password filter

Lets say you use the out-of-the-box password policy that comes with Active Directory, and you want to change your password to Winter2017! - AD is gonna say "Yeah dude/dudette, go for it...it fits the bill!" But from an attacker's perspective we know this is bad - people love to pick bad seasonal passwords like Winter2017, Summer2019, etc.

With CredDefense's password filter in the mix, any new password gets checked against an additional word list, and if there's a match found within, BAM!! - password rejected.

Password audit

Ok, so now are you curious who in your AD environment is already using crappy passwords like Winter2017? Load up the password audit feature, feed it a big wordlist like rockyou, and you'll be good to go in no time.

ResponderGuard

This is a nifty PowerShell tool that can jack with pentesters/attackers in your environment who are running the popular cred-stealing Responder tool. And what I especially appreciate from a blue team perspective is that if ResponderGuard catches Responder in use in the environment, it can stamp a log in the event log, which can then in turn generate an email if you're using something like WEFFLES (which we talked about recently) and the nifty WEFFLES email script my pal hackern0v1c3 put together here.

Kokeile Premiumia

Nauti 14 päivää ilmaiseksi

Jaksot(719)

7MS #398: Securing Your Network with Raspberry Pi Sensors

7MS #398: Securing Your Network with Raspberry Pi Sensors

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersec...

30 Tammi 202050min

7MS #397: OPSEC Tips for Security Consultants

7MS #397: OPSEC Tips for Security Consultants

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersec...

23 Tammi 202036min

7MS #396: Tales of Internal Pentest Pwnage - Part 13

7MS #396: Tales of Internal Pentest Pwnage - Part 13

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersec...

15 Tammi 202053min

7MS #395: Tales of Internal Pentest Pwnage - Part 12

7MS #395: Tales of Internal Pentest Pwnage - Part 12

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersec...

9 Tammi 20201h 5min

7MS #394: DIY Pwnagotchi

7MS #394: DIY Pwnagotchi

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersec...

3 Tammi 202043min

7MS #393: Interview with Peter Kim

7MS #393: Interview with Peter Kim

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent...

26 Joulu 20191h 24min

7MS #392: LAPS Reloaded

7MS #392: LAPS Reloaded

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get ...

19 Joulu 201924min

7MS #391: Securing Your Family During and After a Disaster - Part 3

7MS #391: Securing Your Family During and After a Disaster - Part 3

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get ...

12 Joulu 201949min

Kaikki yhdessä sovelluksessa

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi yhdessä paikassa.

Sinulle valikoitua sisältöä

Podme-sovelluksessa kokoat suosikkisi helposti omaan kirjastoosi. Saat meiltä myös kuuntelusuosituksia!

Jatka kuuntelua koska tahansa

Voit jatkaa siitä mihin jäit, myös offline-tilassa.

Premium

9,99 €/kk

Kaikki premium-podcastit
Ei mainoksia
Ei sitoutumista, peruuta koska tahansa

Aloita 14 päivän kokeilu

Premium

13,99 €/kk

Kaikki premium-podcastit
Ei mainoksia
Ei sitoutumista, peruuta koska tahansa
Yksi lisäkäyttäjä

Kokeile 14 päivää maksutta

Suosittua kategoriassa Politiikka ja uutiset

politiikan-puskaradio

rss-ootsa-kuullut-tasta

ootsa-kuullut-tasta-2

rss-podme-livebox

rss-ulkopoditiikkaa

the-ulkopolitist

rss-vaalirankkurit-podcast

et-sa-noin-voi-sanoo-esittaa

rss-mina-ukkola

rss-polikulaari-pitka-kiekko-ja-muut-ts-podcastit

rss-tasta-on-kyse-ivan-puopolo-verkkouutiset

rss-girls-finish-f1rst

Tarinat ja äänet, joita rakastat kuunnella

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi