Enterprise Defenses

Catalog number: #7516 | Course duration: 32 academic hours
| Number of sessions: 4

Is your organization vulnerable? How secure is your domain? Can any malware run on your endpoints? Why patch? Should you limit your users, and how can you limit them? Hardening an enterprise is a complicated task, and keeping it secured and updated is a long process. Vulnerable operating systems and applications are what attackers look for. The student learns about domain attacks and the meaning of lateral movement. Vulnerability scanning is crucial for understanding the security level of your domain; the next step is to patch and update the vulnerable applications in order to remove the vulnerabilities. Users can usually perform more tasks than they need to. The student learns how to create and deploy a hardened image. This includes creation, planning, a deep understanding of the processes in the organization's network, and the importance of application whitelisting.



What you will learn:

  • Analysis of the Kerberos protocol
  • Active directory attacks
  • Lateral movement and privilege escalation
  • What to monitor?
  • Why are permissions important?
  • Control over endpoints with a golden image
  • How to improve endpoint security with OS hardening?
  • What are whitelists?
  • What is application whitelisting and how to implement it?
  • Scripting with AppLocker
  • How to bypass the whitelist?
  • How to scan your network for vulnerabilities?
  • How to patch applications?
  • Patch management with Windows Update
  • Third party patch management

Target audience

  • The enterprise hardening workshop targets a technically-oriented audience: IT, NOC, SOC, DevOps, software developers, software QA, and others with hands-on technical skills

Prerequisites

  • MS technologies
  • PowerShell scripting
  • Networking (TCP/IP)


Part 1: Organization Hardening

  • What are user accounts, and how to view and manage them
  • Default accounts (Win 7): Guest, Administrator, System & Standard
  • What are user groups; default user groups: Administrators, Everyone
  • Access Tokens
  • File & Folder Permissions
    • Why are they important, but why are they dangerous
    • Permission Types (Read, Write, Read & Execute, Modify, Full Control)
    • Sharing Permissions (Full Control, Change, Read)
  • Kerberos
    • What is Kerberos and how does it work (TGT, TGS)
    • Kerberos Attacks (MS-14-068, Pass the Ticket, Golden & Silver Ticket)
    • Kerberos Attacks mitigation
  • NTLM
    • Pass the hash
  • User Access Control
  • Default application user passwords - the danger of default passwords
  • Logging and monitoring administrative accounts and activities


Part 2: Golden Image & OS Hardening

  • What is a golden image
  • Deployment phases
  • Risks and difficulties
  • Hardening the operating system
  • Hardening dilemmas
  • OS hardening Techniques


Part 3: Application whitelisting
Whitelists, blacklists, application whitelisting, AppLocker, Software Restriction Policy, bypassing techniques

  • What are whitelists and how to implement them
  • The cons of blacklisting
  • The cons of whitelisting
  • Application whitelisting
    • What to hash by
    • Implementation
    • Pros & cons
  • Introduction to AppLocker
    • Building a ruleset
    • AppLocker vs. Software Restriction Policy
    • Local and domain policies
    • DLL whitelisting
    • Building a tool with AppLocker cmdlets
    • AppLocker bypassing techniques


Part 4: Vulnerability assessment

  • Nessus/OpenVAS setup & config
  • Performing basic network scans
  • Advanced scanning profiles; Windows and Linux
  • Credentialed scans
  • Application scanning and enumeration (web)
  • Vuln management; reporting, scheduling and profiling


Part 5: Patch management

  • Patch types
  • Patch management
    • Implementation with the change control process
    • Pros and cons
  • WSUS
  • Third party patch management