At the center of any cyberattack is privileged access. In more practical terms, compromised credentials of users with privilege. In many cases, initial access brokers seek to stumble across accounts that both provide initial access AND privileged access within a victim network. But more often, the threat actor needs to do some work to identify and compromise privileged accounts in a journey toward gaining full Administrator rights to an application, data set, system, or directory service.
In reality today, all users should be treated as privileged users, as it only takes a single compromised user to be exploited to turn a simple breach of one system into a cyber disaster that impacts the entire business.
This session will demo several of the techniques that attackers use to crack passwords and gain initial access to a victim's systems and applications – as well as laterally move around the network, staying stealthy and looking for highly privileged accounts and sensitive data that organizations depend on to operate.
Because 80% of breaches involve the compromise of IT and business user credentials (IDs and passwords), you need a proven strategy to help you achieve privileged access security.
In this Real Training for Free session, 4-time Microsoft MVP Nick Cavalancia takes my seat as he first talks about the value, simplicity, and (potential) ease of credential-based attacks today. As always, he’ll align the threat actions involved in credential-based attacks to the MITRE ATT&CK Framework, discussing which are most prevalent and why.
Up next, you’ll hear from Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea, as he performs another one of his very detailed live “how-to” deep dives, where he’ll cover:
- Enumeration Techniques Overview
- Common Tools and Utilities such as Hashcat and Mimikatz
- Real-World Scenarios
- Mitigation Strategies
- Live Demo of an Enumeration Technique and Credential compromise
Joe will also discuss the steps of an easy-to-understand set of best practices to mitigate these kinds of attack actions. Whether you’re starting a new identity project or strengthening an existing access solution, this Real Training for Free webinar is chock full of real-world practical application.