Protecting Privileged Domain Accounts during Live Response
Fixing Reflective Attack:
IR workstations need MS08-068 applied
Fixing Relay Attack:

NTLMv2:
EPA embeds the Service Principal Name of the target service with

Extended Protection works because only domain controllers and
machines where the user directly enters the password can
compute/validate the Integrity Hash for the security blobs.
However, to be effective, ALL machines on the network must
enforce its use, which is no small task in most environments.
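
The check described above, as an added Python sketch that is not from the original slides: a simplified NTLMv2 response whose keyed hash covers the target SPN, so a relayed or rewritten blob is rejected. The blob layout is reduced to the fields needed here, and the account, domain, SPNs and the 16-byte key material are constructed values, not real ones.

```python
import hashlib, hmac, os, struct

MSV_AV_EOL, MSV_AV_TARGET_NAME = 0x0000, 0x0009  # AvId values from MS-NLMP

def av_pair(av_id, value=b""):
    # AV_PAIR: 2-byte id, 2-byte length (little endian), then the value
    return struct.pack("<HH", av_id, len(value)) + value

def ntlmv2_key(nt_hash, user, domain):
    # Key derived from the password hash: only a party holding the
    # password (client) or its hash (domain controller) can compute it.
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, ident, hashlib.md5).digest()

def client_response(key, server_challenge, spn):
    # 28-byte fixed header (version, reserved, timestamp, client nonce,
    # reserved), then AV pairs carrying the SPN the client meant to reach.
    blob = (b"\x01\x01" + bytes(6) + bytes(8) + os.urandom(8) + bytes(4)
            + av_pair(MSV_AV_TARGET_NAME, spn.encode("utf-16-le"))
            + av_pair(MSV_AV_EOL))
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof, blob

def target_name(blob):
    pos = 28  # AV pairs start after the fixed header
    while pos + 4 <= len(blob):
        av_id, av_len = struct.unpack_from("<HH", blob, pos)
        if av_id == MSV_AV_EOL:
            break
        if av_id == MSV_AV_TARGET_NAME:
            return blob[pos + 4:pos + 4 + av_len].decode("utf-16-le")
        pos += 4 + av_len
    return None

def validate(key, server_challenge, proof, blob, my_spn):
    # Simplification: in a domain the hash check is done by the DC and
    # the SPN comparison by the service; both are merged here.
    expected = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    if not hmac.compare_digest(expected, proof):
        return "reject: integrity hash mismatch"
    if (target_name(blob) or "").lower() != my_spn.lower():
        return "reject: SPN mismatch"
    return "accept"

if __name__ == "__main__":
    key = ntlmv2_key(hashlib.md5(b"constructed").digest(), "iruser", "EXAMPLE")
    chal = os.urandom(8)
    proof, blob = client_response(key, chal, "HTTP/intranet.example.test")
    print(validate(key, chal, proof, blob, "HTTP/intranet.example.test"))
    print(validate(key, chal, proof, blob, "cifs/fileserver.example.test"))
```

A service that does not run the SPN comparison accepts the second case, which is why the protection depends on every machine enforcing it.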