1
00:00:00,210 --> 00:00:03,490
Let's talk mitigation for pass the hash, pass the password.

2
00:00:03,750 --> 00:00:07,020
Now, mitigating this completely is difficult.

3
00:00:07,230 --> 00:00:12,750
But as an administrator you can make my life very difficult as an attacker.

4
00:00:12,810 --> 00:00:20,490
So one thing to note is if you limit your account reuse, for example Frank Castle being a local admin

5
00:00:20,520 --> 00:00:26,820
on multiple computers, when we pass the password that got us into multiple machines, we only had access

6
00:00:26,820 --> 00:00:28,230
to one machine.

7
00:00:28,230 --> 00:00:32,010
Now we laterally moved across the network to another machine.

8
00:00:32,010 --> 00:00:36,630
And who knows what we're going to find, because it's a whole different set of cash dump when you saw

9
00:00:36,630 --> 00:00:38,220
we dumped the hash.

10
00:00:38,280 --> 00:00:43,000
We can also start looking through files on computers, looking for anything interesting.

11
00:00:43,020 --> 00:00:47,580
You're going to see some more attacks that we're going to find here, and there's different attacks that

12
00:00:47,580 --> 00:00:51,150
we can pull off as a user, so there's things that one machine might not have for us.

13
00:00:51,150 --> 00:00:54,870
But once we move laterally to another machine then guess what.

14
00:00:54,870 --> 00:00:56,210
It's a whole new ballgame.

15
00:00:56,220 --> 00:01:01,640
And then that might open up something we didn't see before that allows us to escalate into domain admin.

16
00:01:01,680 --> 00:01:08,000
So if we do not have local admins on machines or reusing them then guess what.

17
00:01:08,040 --> 00:01:10,140
It's gonna be really hard for us to do that.

18
00:01:10,230 --> 00:01:14,430
Again, you should also limit who is that local administrator, right, least privilege, we've talked about

19
00:01:14,430 --> 00:01:20,730
this time and time again. Here the strong passwords come into play as well, not so much for the passing

20
00:01:20,730 --> 00:01:26,100
of the hash but passing of the password. If we're never able to crack the NTLMv2 hash in the

21
00:01:26,100 --> 00:01:31,620
first place and get in a shell on these machines then we're never gonna be able to actually perform

22
00:01:31,620 --> 00:01:34,010
these attacks and get here in the first place.

23
00:01:34,050 --> 00:01:38,850
So utilizing strong passwords in your network is big, big, big.

24
00:01:38,850 --> 00:01:45,000
Lastly, we talked about the last video, privileged access management. You can make my life very difficult

25
00:01:45,390 --> 00:01:50,130
in a situation where you're using privileged access management. In that story that I talked about where

26
00:01:50,190 --> 00:01:54,870
I took down that network that had that million dollar privileged access management, right, they were using

27
00:01:54,870 --> 00:01:57,290
CyberArk and they had that tool.

28
00:01:57,330 --> 00:02:04,390
I took them down because they were using bad local admin passwords and they were reusing them. Had they

29
00:02:04,400 --> 00:02:08,630
been using good local admin passwords and they weren't reusing them,

30
00:02:08,730 --> 00:02:10,130
I would have failed on that assessment.

31
00:02:10,130 --> 00:02:12,300
Hands down, no doubt about it.

32
00:02:12,450 --> 00:02:18,390
But because of that they had a big weakness there and it can just bypass these million dollar systems.

33
00:02:18,390 --> 00:02:22,860
However, these systems are important, very, very important.

34
00:02:22,860 --> 00:02:28,140
So if you can utilize it, if you have the funds to utilize privileged access management in your system and

35
00:02:28,140 --> 00:02:30,180
your environment, please do it.

36
00:02:30,180 --> 00:02:31,680
It's really worth it.

37
00:02:31,680 --> 00:02:33,150
So that's it for this.

38
00:02:33,150 --> 00:02:38,310
So now we're going to move on to what are called token impersonation attacks, and these are really fun.

39
00:02:38,310 --> 00:02:39,930
We're going to see why in the next video.