2016-030: Defending Against Mimikatz and Other Memory based Password Attacks

In the last few years, security researchers and hacker have found an easy way of gaining access to passwords without the use of dumping the Windows hash table.
When improperly configured, the passwords are stored in memory, often in plain text.

This week, we discuss Mimikatz, and methods by which you can protect your environment by hardening Windows against such attacks.

Links to blogs:
https://www.praetorian.com/blog/mitigating-mimikatz-wdigest-cleartext-credential-theft
http://blog.gojhonny.com/2015/08/preventing-credcrack-mimikatz-pass-hash.html
https://jimshaver.net/2016/02/14/defending-against-mimikatz/
 Praetorian Report on pentests: http://www3.praetorian.com/how-to-dramatically-improve-corporate-IT-security-without-spending-millions-report.html
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-030-Defense_against_Mimikatz.mp3
YouTube:
iTunes:
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582



Here is a new episode of Brakeing Down Security Podcast! 

 <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- AD_test -->
<ins class="adsbygoogle"
     style="display:block"
     data-ad-client="ca-pub-6297797969674519"
     data-ad-slot="3300597183"
     data-ad-format="auto"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>