@jhencinski
👋 #Redteam operators: Which defensive settings have you encountered that made it *super* painful for you to operate in a Windows AD environment?
Oliver Jäkel
@JaekelEDV

Jan 28

No client-to-client comm. 😈
This is why I love the Windows Firewall. Super easy to implement, and it makes lateral movement a lot harder. And again I recommend this pearl by @jepayneMSFT
channel9.msdn.com/Events/Ignite/…
#BlueTeam #DFIR #IrritateTheHellOutOfThem
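As an added example (not from the thread or the linked talk), this is how the no-client-to-client rule described above can be expressed with the built-in Windows Firewall cmdlets, suitable for rolling out via GPO or a startup script. The subnets are placeholders; it also assumes management hosts (jump boxes, scanners, SCCM) sit in their own subnet, because a Block rule cannot carve out exceptions for individual hosts inside the blocked range.

```powershell
# Added example, not code from the thread. Replace the subnets with your own:
# workstation VLANs are assumed to be 10.10.0.0/16 and 10.11.0.0/16, and the
# admin / management hosts are assumed to live in 10.250.0.0/24.
$WorkstationNets = @('10.10.0.0/16', '10.11.0.0/16')
$MgmtNet         = '10.250.0.0/24'

# 1. Domain profile: drop inbound unless a rule allows it, and log the drops so
#    the blue team can see attempted peer-to-peer connections in pfirewall.log.
Set-NetFirewallProfile -Profile Domain -Enabled True -DefaultInboundAction Block `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 32767

# 2. Explicit Block rule for traffic from other workstations. In Windows Firewall
#    a Block rule wins over any Allow rule, so this also overrides the built-in
#    "File and Printer Sharing" / "Remote Desktop" allow rules for peer traffic
#    (SMB 445, RPC 135 + dynamic ports, WinRM 5985/5986, RDP 3389) without
#    having to touch those rules individually.
New-NetFirewallRule -DisplayName 'Block inbound from workstation subnets' `
    -Group 'Workstation isolation' -Direction Inbound -Action Block `
    -Profile Domain -RemoteAddress $WorkstationNets -Enabled True `
    -Description 'No client-to-client traffic; admin access only from the management net.'

# 3. Management hosts remain the only peers allowed to reach the admin ports.
New-NetFirewallRule -DisplayName 'Allow SMB/WinRM/RDP from management net' `
    -Group 'Workstation isolation' -Direction Inbound -Action Allow `
    -Profile Domain -Protocol TCP -LocalPort 445,5985,5986,3389 `
    -RemoteAddress $MgmtNet -Enabled True

# 4. Quick check that both rules exist and are enabled on this host.
Get-NetFirewallRule -Group 'Workstation isolation' |
    Select-Object DisplayName, Direction, Action, Enabled |
    Format-Table -AutoSize
```

Run it first with `-Enabled False` on the Block rule and watch pfirewall.log for legitimate peer traffic (printers, VoIP, helpdesk tools) before enforcing it.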
Oliver Jäkel
@JaekelEDV

Jan 30

Henri
@0xffhh

Jan 28

Have seen all three; although all very annoying, there are workarounds which make it bearable. Of the list, no client-to-client is the most annoying. But overall, the most annoying is good visibility by the blue team. Not being able to misbehave without getting caught is a nightmare.
Karl Mueller byeShmoo!
@infosecspy

Jan 28

Voting other because #blueteam and I’m really curious to see if I’m right about my controls 😋
Karl Mueller byeShmoo!
@infosecspy

Jan 28

TBH whitelisting has annoyed more of our pentesters than anything else.
Harman
@DigitalAmli

Jan 29

Compromising/abusing trust relationships and lateral movement is all about multiple systems networked in an environment. Have come across internal firewalling using desktop firewalls; it makes it hard. Somehow this is so underrated by clients in favour of third-party products.
minis_io
@minis_io

Jan 29

No client-to-client along with several others. threatexpress.com/blogs/2018/thr…
Malware Lion
@MalwareLion

Jan 29

Combination of perfectly rolled out Windows Defender ATP and deception solution in place.
Fatih K.
@bigitsec

Jan 29

Privilege escalation controls and alarms
BenAylett.com
@BenAylett

Jan 29

This is gold.
I wish I had thought to ask this question ages ago.
Should be a regular question asked each year or 6 months.