Team Ares Red and Blue Series:  Exploiting Enterprise Passwords

Logo
Presented by

Cory Mathews, Offensive Security Manager and Joffrin Alexander, DFIR Analyst

About this talk

No matter how much you think you’ve done to safeguard your data and systems against breaches, common vulnerabilities continue to wreak havoc on enterprises. 80% of hacking-related breaches involved compromised and weak credentials. Attackers are finding quick access to enterprise domain admins by simply guessing a password and logging in as that domain admin. Given these challenges, what can you do to shore up your passwords and protect your organization? Join CRITICALSTART’s TEAMARES security experts, Cory Mathews and Joffrin Alexander, as they present, “Exploiting Enterprise Passwords." From phishing pages to password spraying, you’ll learn how attackers gain access to passwords and what they do with those passwords once they’ve cracked them, as well as: - Methods to defend against these attacks specifically focusing on using strong passwords, password manager solutions, and probably most importantly multi-factor authentication. - External attacks such as logging in to enterprise solutions such as OWA, VPN, and file shares to maliciously changing passwords to lockout user’s access – and what you can do to prevent these attacks. - Proactive defense strategies including how to ensure you’re using strong passwords and how multi-factor can prevent breaches. - Internal actions you can take such as limiting excessive admin rights and other preventative measures.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (15)
Subscribers (779)
Critical Start is the only MDR provider committed to eliminating acceptable risk and leaving nothing to chance. We believe that companies should never have to settle for “good enough.” Our award-winning portfolio includes end-to-end Professional Services and Managed Detection and Response (MDR). Our MDR puts a stop to alert fatigue by leveraging our ZTAP platform plus industry-leading Trusted Behavior Registry, which eliminates false positives at scale by resolving known-good behaviors. Driven by 24x7x365 human-led, end-to-end monitoring, investigation and remediation of alerts, our on-the-go threat detection and response capabilities are enabled via a fully interactive MOBILESOC.