Catch Me if You Can presented at BSidesAsheville 2016

by Michael Bryant

Summary: Skilled penetration testers and malicious actors are utilizing similar techniques to compromise organizations. These techniques involve the theft and harvesting of credentials, lateral movement throughout the organization, elevation of privileges, and the theft of sensitive data.

We, as information security professionals and system administrators, are doing a poor job of discovering and preventing these types of attacks, mainly due to poor 'security hygiene' and a lack of effective monitoring.

In this talk we will look at a common attack scenario utilizing the tools and techniques commonly employed by threat actors. We will use this walkthrough to help identify areas where an organization can detect and mitigate the impact of these tools and techniques.

We will examine tools such as Responder and Mimikatz and how we can limit their effectiveness. We will cover local administrator and shared accounts and show you why these are a big weakness in your security posture. We will discuss domain admin accounts and why you should know what is happening with them at all times. Finally, we will talk about everyone's favorite topic, password complexity, and show why 'industry best practices' just do not cut it.

Michael Bryant is the Senior Manager of the Red Team at SecureWorks. He has over sixteen years of experience in the information security field, including offensive, defensive and compliance roles. He holds both the Offensive Security Certified Professional (OSCP) and CISSP certifications and graduated from Clemson University with a degree in Electrical Engineering.