The team at FIRST (Forum of Incident Response and Security Teams) reached out to talk about my upcoming presentation on Windows credential attacks at their annual conference. We spoke about why enterprise credential protection is so important and some of the recent Microsoft updates to help minimize the attack surface. The entire Windows credential infrastructure has been under unceasing attack over the last couple of years, and amazingly things are about to get far worse. New tools like Bloodhound and Death Star are using graph databases to effortlessly map account permissions and sessions, greatly magnifying poor credential hygiene. At the moment, it is hard to imagine a larger threat to the enterprise. Podcast:https://media.first.org/podcasts/FIRST2017_ChadTilbury.mp3
If you will miss FIRST2017, I will be presenting a complementary presentation at the SANS DFIR Summit on June 22, 2017.