1
00:00:00,250 --> 00:00:00,550
All right.

2
00:00:00,570 --> 00:00:04,830
Mitigation, so just a couple of options here.

3
00:00:04,830 --> 00:00:09,400
Now, Kerberoasting, this is a feature of Windows, right?

4
00:00:09,480 --> 00:00:16,650
We're abusing a feature, so there's nothing that you can really do to defend against this except having

5
00:00:16,650 --> 00:00:22,260
strong passwords for your service accounts, very strong passwords, not 14 characters like we cracked, like

6
00:00:22,290 --> 00:00:23,880
30 characters or more.

7
00:00:23,880 --> 00:00:26,170
You know, the longer the better.

8
00:00:26,250 --> 00:00:33,450
On top of that, least privilege: do not make your domain accounts domain administrators, or do not make

9
00:00:33,450 --> 00:00:36,320
your service accounts domain administrators, right?

10
00:00:36,330 --> 00:00:42,660
Least privilege here. Too often we see service accounts running as domain administrator, and too often we

11
00:00:42,660 --> 00:00:46,000
see service accounts running with weak passwords.

12
00:00:46,080 --> 00:00:50,340
Combine those two and you're gonna have a bad day as a network administrator.

13
00:00:50,340 --> 00:00:50,940
So that's it.

14
00:00:50,940 --> 00:00:53,330
Pretty simple on the mitigation strategy.

15
00:00:53,340 --> 00:01:00,300
So from here we're going to talk about an older but yet still relevant attack, and this attack is called

16
00:01:00,600 --> 00:01:03,990
the cPassword attack, or a GPP attack.

17
00:01:03,990 --> 00:01:08,730
So we'll go ahead and see you in the next video when we talk about this and revisit Hack The Box.