From LedHed's Wiki
Revision as of 18:47, 11 October 2016 by Ledhed (Talk | contribs)


Overview

Pass the Hash (PtH) is the technique of authenticating with a user's NTLM password hash in place of the user's actual credentials (username and password). It is an attack commonly used by hackers and penetration testers to gain access to resources. PtH is attractive to an attacker because the password never needs to be cracked (brute-force cracking of a long, complex password can take a very long time).


Mitigation

  • Install Windows 10 and enable Device Guard & Credential Guard.
  • Install a reputable Antivirus and keep it updated.
  • Install OS and Application updates regularly.
  • Require password changes as often as possible. At least every 90 days for end users and more often for high privilege accounts such as Domain Admins, Server Operators, and Support Desk.
  • Employ the Principle of Least Privilege.
  • Disable cached logons for workstations (this may not be ideal for laptops).
  • Don't allow end users to be Local Admins.
  • Require a unique password for every computer's Local Admin account (Use LAPS).
  • Require System Admins to be standard users, and have separate accounts for Domain and Server administration tasks.
  • Don't allow Domain Admins to log on to workstations or servers (only to Domain Controllers).
  • Don't allow Server Operators to log on to Domain Controllers or workstations.
  • Harden workstations and servers using security templates such as the CIS Benchmarks published by The Center for Internet Security.
  • ...
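As an added example (not part of this wiki page), the following PowerShell audits a Windows 10+ host against a few of the mitigations above: Credential Guard running, cached logons disabled, local Administrators membership, and the legacy LAPS client (the AdmPwd.dll path it checks is an assumption). Run it in an elevated session.

```powershell
# Added example: audit a host against several of the Pass the Hash mitigations listed above.
# Not part of the original wiki page. Each Test-* function returns $true when the host
# matches the mitigation and $false otherwise.

function Test-CredentialGuardRunning {
    # Win32_DeviceGuard lists running security services; 1 = Credential Guard, 2 = HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    return ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)
}

function Test-CachedLogonsDisabled {
    # CachedLogonsCount (REG_SZ) under Winlogon; "0" disables cached domain logons.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $count = (Get-ItemProperty -Path $key -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
    return ($count -eq '0')
}

function Get-NonBuiltinLocalAdmins {
    # Members of local Administrators other than the built-in Administrator (RID 500)
    # and Domain Admins (RID 512); anything else needs review against "no end users as Local Admins".
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.SID.Value -notmatch '-500$' -and $_.SID.Value -notmatch '-512$' } |
        Select-Object -ExpandProperty Name
}

function Test-LegacyLapsInstalled {
    # Assumption: the legacy LAPS client-side extension installs AdmPwd.dll under Program Files\LAPS\CSE.
    return Test-Path (Join-Path $env:ProgramFiles 'LAPS\CSE\AdmPwd.dll')
}

$results = [ordered]@{
    'Credential Guard running'  = Test-CredentialGuardRunning
    'Cached logons disabled'    = Test-CachedLogonsDisabled
    'Legacy LAPS CSE installed' = Test-LegacyLapsInstalled
}
$results.GetEnumerator() | ForEach-Object { '{0,-28} {1}' -f $_.Key, $_.Value }

$extraAdmins = @(Get-NonBuiltinLocalAdmins)
if ($extraAdmins.Count -gt 0) {
    'Additional local Administrators (review against the Least Privilege items above):'
    $extraAdmins | ForEach-Object { "  $_" }
}
```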


Reference

https://technet.microsoft.com/en-us/security/dn785092