Preventing credential theft & lateral movement after initial compromise. Presented at BsidesCleveland 2016

by Cameron Moore

Summary: You’ve done the patch work, you have good perimeter defenses, and even application whitelisting; however, an attacker has found themselves on an end-user machine. For most networks, once an attacker has gained access, the game is usually over quickly for the blue team. In this session, I will discuss several techniques used by attackers to find additional credentials and laterally move about, and how to prevent them. Implementing these changes will slow down escalation, lateral movement, and credential theft to provide an opportunity for detection and subsequent response.