It’s been a while since my previous update, as my primary focus has been on working as a full-time Security Architect and lecturing Office 365 / Security classes. I was lucky to have the opportunity to participate in the Nordic Infrastructure Conference (NICConf) at Oslo Spektrum on February 1st as a speaker with my colleague Oddvar Moe. We had the session “Hardcore hacker VS. Awesome IT-Pro”, where we demonstrated effective attacks vs. defenses in Windows and covered common attack techniques. The purpose of the session was to add focus to the importance of not only implementing security but also testing that your implementation is actually successful. Details about the session can be found here: http://nicconf.com/talks/hardcore-hacker-vs-awesome-it-pro-battle-royale/. I was planning to wait for the recording before publishing this blog post, but I will update once it’s out.
For additional information that was not shown directly in the session, look here:
NTLM Leaking: https://blogs.technet.microsoft.com/askds/2009/10/08/ntlm-blocking-and-you-application-analysis-and-auditing-methodologies-in-windows-7/ “Old but gold”, covering how NTLM can be audited prior to blocking in great detail.
Office macro attacks: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard Recommend looking into Windows Defender Exploit Guard, and specifically Attack Surface Reduction rules. In addition, see Blocking Office Macros from the internet.
More blog posts will come soon covering Office 365 and Azure.