Misuse of credentials is at the center of every cyberattack. Whether the goal is lateral movement, establishing persistence, gaining elevated privileges, exfiltrating data, or encrypting an environment, threat actors can do nothing without proper credentials.
Most of the time, we focus on attack techniques such as social engineering, phishing, vishing, etc. as the means to obtain a username and password. But, in many cases, brute force and password spray attacks are effective ways to attain access.
Then there’s the human factor – where users lack proper cyber hygiene around the security of their passwords. Despite it being common knowledge that passwords must be more secure than in previous years, users continue to cut corners and find ways to keep a simple password in use, keeping the potential for a successful attack high.
Add to this the fact that there are common locations threat actors utilize to either test passwords or simply find them lying in wait, and it quickly becomes evident that there are steps you can take and measures that can be put in place to offset the risk of insecure passwords.
So, just how weak are your passwords and what can you do to strengthen this part of your cybersecurity strategy?
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first discuss:
- The current state of insecure password use
- Password Spraying 101
- Resources you can use to both identify weaknesses and strengthen your password position
Nick will be joined by Brian Johnson, CISSP, OSCP, and President of 7 Minute Security, and Jeremy Dundon, Solutions Engineering Manager from Netwrix. Brian will dive deeper into the topic, showing real-world tools used to identify and crack passwords and discussing:
- How to manually audit your environment for weak/common passwords:
  - Where to download lists of weak/common passwords
  - How to dump all usernames and hashes out of the domain controller and then check all your users against these lists of weak/common passwords
- “Hidden” places on the network (like Active Directory, Group Policy objects and file shares) where passwords may live unbeknownst to sysadmins
Jeremy will then talk about the biggest issue in password security – the user – and discuss how to enforce granular password policies to protect Active Directory from password attacks.
This real-training-for-free event will be jam-packed with technical detail and real-world application. Register today!