1
00:00:01,820 --> 00:00:02,050
OK.

2
00:00:02,080 --> 00:00:07,050
Let's talk through these briefly in the last video I said these solutions pretty easy.

3
00:00:07,060 --> 00:00:08,610
Well that's kind of true.

4
00:00:08,620 --> 00:00:09,400
Kind of false.

5
00:00:09,400 --> 00:00:15,700
The solution is easy if we just go willy nilly and we disable IPG sixth this completely prevents this

6
00:00:15,700 --> 00:00:16,120
attack.

7
00:00:16,130 --> 00:00:16,330
Right.

8
00:00:16,330 --> 00:00:19,600
If ITV 6 isn't enabled in the network then guess what.

9
00:00:19,600 --> 00:00:24,730
We can't be an ITV six DNS server because there's nothing for us to do.

10
00:00:25,420 --> 00:00:30,190
So disabling IP 6 can have unwanted side effects.

11
00:00:30,280 --> 00:00:35,920
So the recommended thing to do is actually to prevent some of these.

12
00:00:35,920 --> 00:00:41,440
So we just defined block rules instead of allow rules when we have our firewall.

13
00:00:41,440 --> 00:00:42,660
So I've listed those here.

14
00:00:42,720 --> 00:00:44,520
Not to worry too much about them.

15
00:00:44,530 --> 00:00:48,310
This could be something to just copy a picture of and have for your notes especially if you're studying

16
00:00:48,310 --> 00:00:48,940
up.

17
00:00:48,940 --> 00:00:53,260
I don't think you'll ever be asked as an interview but if you're ever pulling off this sort of attack

18
00:00:53,620 --> 00:00:56,910
it might be good to know for a client purpose.

19
00:00:56,920 --> 00:01:03,130
Another thing to note is that if we're not using w pad then we should disable it with group policy.

20
00:01:03,130 --> 00:01:05,110
And this tells you just how to do that.

21
00:01:05,110 --> 00:01:06,760
And then the relaying.

22
00:01:06,760 --> 00:01:14,530
So we did relaying to Al DAP and al that as we only can mitigate this by enabling Al that signing and

23
00:01:14,530 --> 00:01:15,700
channel binding.

24
00:01:15,730 --> 00:01:18,200
So that's another mitigation strategy here.

25
00:01:18,280 --> 00:01:23,380
So we could have prevented the El that attack that you saw but typically end up signing and channeled

26
00:01:23,380 --> 00:01:26,760
binding are not enabled by most clients.

27
00:01:26,800 --> 00:01:29,210
I can't remember a time that I have seen it.

28
00:01:29,290 --> 00:01:37,930
So last thing to consider is that we can put users into the protected users group and that would prevent

29
00:01:37,960 --> 00:01:43,600
impersonation or delegation which we didn't actually cover a delegation attack but I did show you that

30
00:01:43,600 --> 00:01:46,640
blog posting where it had the delegate access.

31
00:01:46,870 --> 00:01:54,580
If we're able to do delegate access against a machine then we can you know just abuse that feature even

32
00:01:54,580 --> 00:01:54,980
more.

33
00:01:54,980 --> 00:01:59,490
And so sure to fully disable this there's a few different things that we have to do.

34
00:01:59,500 --> 00:02:05,440
We can cut the head off by disabling IP B6 but best practice says hey you know we should actually just

35
00:02:05,440 --> 00:02:08,080
do some block rules in the firewall.

36
00:02:08,080 --> 00:02:14,620
We should disable a W pad we should disable or enable elder signing and channel binding and we should

37
00:02:14,770 --> 00:02:18,940
consider moving our admin users to the protected users group.

38
00:02:18,940 --> 00:02:23,280
So with this being said again don't worry too much about this.

39
00:02:23,290 --> 00:02:28,330
I just like to cover the mitigation strategies to talk about it if you want to practice this in your

40
00:02:28,330 --> 00:02:33,280
lab if you want to go back as we're going through some of these and you want to turn off different things.

41
00:02:33,280 --> 00:02:39,820
I'm showing you in defenses and try to mitigate these I say more power to you see how this works and

42
00:02:39,820 --> 00:02:42,660
how it affects certain attacks.

43
00:02:42,790 --> 00:02:45,600
And I think that's a really awesome strategy as well.

44
00:02:45,650 --> 00:02:51,040
Otherwise just take maybe a screenshot of this and don't focus too much on memorizing it.

45
00:02:51,040 --> 00:02:56,620
So from here we got one more video left to tie everything together and then we're gonna get into post

46
00:02:56,620 --> 00:02:58,390
exploitation enumeration.

47
00:02:58,390 --> 00:02:59,650
So I'll catch you in the next video.