[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.80,0:00:02.60,Default,,0000,0000,0000,,what's going on guys welcome back to Dialogue: 0,0:00:02.60,0:00:04.76,Default,,0000,0000,0000,,this video today we're doing again a try Dialogue: 0,0:00:04.76,0:00:06.60,Default,,0000,0000,0000,,hack me video and we're going to focus Dialogue: 0,0:00:06.60,0:00:09.40,Default,,0000,0000,0000,,on SEC the security engineer track so we Dialogue: 0,0:00:09.40,0:00:11.00,Default,,0000,0000,0000,,have reached the active directory Dialogue: 0,0:00:11.00,0:00:12.76,Default,,0000,0000,0000,,hardening and it's going to be the Dialogue: 0,0:00:12.76,0:00:15.52,Default,,0000,0000,0000,,subject of this video so there are some Dialogue: 0,0:00:15.52,0:00:16.84,Default,,0000,0000,0000,,discussed Dialogue: 0,0:00:16.84,0:00:19.04,Default,,0000,0000,0000,,methods and I say some because there are Dialogue: 0,0:00:19.04,0:00:22.20,Default,,0000,0000,0000,,many methods to harden and secure active Dialogue: 0,0:00:22.20,0:00:25.36,Default,,0000,0000,0000,,uh directory meaning uh Windows server Dialogue: 0,0:00:25.36,0:00:27.80,Default,,0000,0000,0000,,with active directory but here there are Dialogue: 0,0:00:27.80,0:00:29.16,Default,,0000,0000,0000,,some methods that are discussed we're Dialogue: 0,0:00:29.16,0:00:30.40,Default,,0000,0000,0000,,going to go over these methods and we're Dialogue: 0,0:00:30.40,0:00:32.20,Default,,0000,0000,0000,,going to answer a couple questions going Dialogue: 0,0:00:32.20,0:00:34.72,Default,,0000,0000,0000,,try to make this as simple as I Dialogue: 0,0:00:34.72,0:00:39.00,Default,,0000,0000,0000,,can and for my members I released a new Dialogue: 0,0:00:39.00,0:00:42.28,Default,,0000,0000,0000,,uh Note file it is under the blue team Dialogue: 0,0:00:42.28,0:00:45.64,Default,,0000,0000,0000,,track The Blue Team notes and the name Dialogue: 
0,0:00:45.64,0:00:47.76,Default,,0000,0000,0000,,is Windows security we'll be finding Dialogue: 0,0:00:47.76,0:00:50.40,Default,,0000,0000,0000,,this in the uh Google Drive notes all Dialogue: 0,0:00:50.40,0:00:54.60,Default,,0000,0000,0000,,right let let get back to the room Dialogue: 0,0:00:54.60,0:00:57.52,Default,,0000,0000,0000,,so we have a machine to spawn we going Dialogue: 0,0:00:57.52,0:01:01.36,Default,,0000,0000,0000,,to click on start the machine Dialogue: 0,0:01:01.36,0:01:04.32,Default,,0000,0000,0000,,so basically the task two is about Dialogue: 0,0:01:04.32,0:01:08.40,Default,,0000,0000,0000,,Concepts on active directory so it's not Dialogue: 0,0:01:08.40,0:01:11.64,Default,,0000,0000,0000,,a comprehensive uh list or comprehensive Dialogue: 0,0:01:11.64,0:01:14.36,Default,,0000,0000,0000,,uh you know uh it doesn't contain all Dialogue: 0,0:01:14.36,0:01:16.56,Default,,0000,0000,0000,,everything about directory but you know Dialogue: 0,0:01:16.56,0:01:17.72,Default,,0000,0000,0000,,if you are going through active Dialogue: 0,0:01:17.72,0:01:19.20,Default,,0000,0000,0000,,directory hardening you must know what Dialogue: 0,0:01:19.20,0:01:22.04,Default,,0000,0000,0000,,is domain domain controller and the Dialogue: 0,0:01:22.04,0:01:23.68,Default,,0000,0000,0000,,definition of trees and Forest we're Dialogue: 0,0:01:23.68,0:01:25.84,Default,,0000,0000,0000,,going to talk about this but there is Dialogue: 0,0:01:25.84,0:01:27.40,Default,,0000,0000,0000,,there are two questions here one Dialogue: 0,0:01:27.40,0:01:29.64,Default,,0000,0000,0000,,question what is the root domain in the Dialogue: 0,0:01:29.64,0:01:33.68,Default,,0000,0000,0000,,tab ad machine so basically here uh Dialogue: 0,0:01:33.68,0:01:34.72,Default,,0000,0000,0000,,let's Dialogue: 0,0:01:34.72,0:01:37.40,Default,,0000,0000,0000,,see yeah the machine is Dialogue: 0,0:01:37.40,0:01:41.76,Default,,0000,0000,0000,,still uh starting so here we have triac Dialogue: 
0,0:01:41.76,0:01:45.16,Default,,0000,0000,0000,,me. ioc is the root domain and Z a. Dialogue: 0,0:01:45.16,0:01:48.56,Default,,0000,0000,0000,,triac me is not the subdomain uh we it's Dialogue: 0,0:01:48.56,0:01:50.88,Default,,0000,0000,0000,,it's called the child domain so both Dialogue: 0,0:01:50.88,0:01:55.52,Default,,0000,0000,0000,,these domains um exists under uh the Dialogue: 0,0:01:55.52,0:01:58.88,Default,,0000,0000,0000,,same tree so we call this a tree because Dialogue: 0,0:01:58.88,0:02:01.76,Default,,0000,0000,0000,,it contains more more than one domain Dialogue: 0,0:02:01.76,0:02:03.92,Default,,0000,0000,0000,,now the subject of this video will be on Dialogue: 0,0:02:03.92,0:02:06.76,Default,,0000,0000,0000,,the securing authentication Dialogue: 0,0:02:06.76,0:02:10.04,Default,,0000,0000,0000,,methods and the other tasks so let's Dialogue: 0,0:02:10.04,0:02:11.72,Default,,0000,0000,0000,,first make sure that the machine is up Dialogue: 0,0:02:11.72,0:02:15.24,Default,,0000,0000,0000,,and running going click on split Dialogue: 0,0:02:20.04,0:02:24.40,Default,,0000,0000,0000,,view okay so going to task three so in Dialogue: 0,0:02:24.40,0:02:28.76,Default,,0000,0000,0000,,task three we have the land manager Dialogue: 0,0:02:28.76,0:02:31.16,Default,,0000,0000,0000,,hash SMB Dialogue: 0,0:02:31.16,0:02:33.56,Default,,0000,0000,0000,,signing ldb Dialogue: 0,0:02:33.56,0:02:36.12,Default,,0000,0000,0000,,signing password policies and Dialogue: 0,0:02:36.12,0:02:38.64,Default,,0000,0000,0000,,rotation and some suggestions on Dialogue: 0,0:02:38.64,0:02:41.92,Default,,0000,0000,0000,,password policies so these are settings Dialogue: 0,0:02:41.92,0:02:44.08,Default,,0000,0000,0000,,that you can configure on your active Dialogue: 0,0:02:44.08,0:02:46.00,Default,,0000,0000,0000,,directory to make sure that the Dialogue: 0,0:02:46.00,0:02:49.00,Default,,0000,0000,0000,,authentication process is secure meaning Dialogue: 
0,0:02:49.00,0:02:50.28,Default,,0000,0000,0000,,uh MIT Dialogue: 0,0:02:50.28,0:02:54.00,Default,,0000,0000,0000,,Maxs have little to no chance to succeed Dialogue: 0,0:02:54.00,0:02:55.84,Default,,0000,0000,0000,,at the same time you configure strong Dialogue: 0,0:02:55.84,0:03:00.40,Default,,0000,0000,0000,,password policy for uh your users Dialogue: 0,0:03:00.40,0:03:02.44,Default,,0000,0000,0000,,simultaneously in task four here they Dialogue: 0,0:03:02.44,0:03:05.28,Default,,0000,0000,0000,,talk about the General Dialogue: 0,0:03:05.28,0:03:09.20,Default,,0000,0000,0000,,Security um Concepts here so for example Dialogue: 0,0:03:09.20,0:03:12.60,Default,,0000,0000,0000,,the role based access control the uh Dialogue: 0,0:03:12.60,0:03:14.48,Default,,0000,0000,0000,,methods of Access Control the principle Dialogue: 0,0:03:14.48,0:03:16.76,Default,,0000,0000,0000,,of leas privilege all of these are Dialogue: 0,0:03:16.76,0:03:19.56,Default,,0000,0000,0000,,General Security controls that you can Dialogue: 0,0:03:19.56,0:03:21.60,Default,,0000,0000,0000,,um apply to the active directory or Dialogue: 0,0:03:21.60,0:03:24.00,Default,,0000,0000,0000,,Windows Server active directory and here Dialogue: 0,0:03:24.00,0:03:25.08,Default,,0000,0000,0000,,there are two Dialogue: 0,0:03:25.08,0:03:27.96,Default,,0000,0000,0000,,questions so computers and printers must Dialogue: 0,0:03:27.96,0:03:30.16,Default,,0000,0000,0000,,be added to tier zero so here's about Dialogue: 0,0:03:30.16,0:03:33.12,Default,,0000,0000,0000,,tiered access model now the tiered Dialogue: 0,0:03:33.12,0:03:35.00,Default,,0000,0000,0000,,access model is not discussed in Dialogue: 0,0:03:35.00,0:03:38.44,Default,,0000,0000,0000,,computer in comp Security Plus so here Dialogue: 0,0:03:38.44,0:03:41.20,Default,,0000,0000,0000,,I'm preparing for you guys a note file Dialogue: 0,0:03:41.20,0:03:44.52,Default,,0000,0000,0000,,to prepare for comp Security Plus Dialogue: 
0,0:03:44.52,0:03:48.16,Default,,0000,0000,0000,,so here in comp Security Dialogue: 0,0:03:48.16,0:03:50.80,Default,,0000,0000,0000,,Plus there are Dialogue: 0,0:03:50.80,0:03:53.60,Default,,0000,0000,0000,,certain models for Access Control oh my Dialogue: 0,0:03:53.60,0:03:56.96,Default,,0000,0000,0000,,God many things about as control as Dialogue: 0,0:03:56.96,0:04:01.40,Default,,0000,0000,0000,,control uh methods model Dialogue: 0,0:04:01.40,0:04:05.40,Default,,0000,0000,0000,,just too hard to find them Dialogue: 0,0:04:12.44,0:04:15.68,Default,,0000,0000,0000,,Mac okay as you can see guys in comp Dialogue: 0,0:04:15.68,0:04:18.24,Default,,0000,0000,0000,,Security Plus we discuss discretionary Dialogue: 0,0:04:18.24,0:04:20.32,Default,,0000,0000,0000,,Access Control role pce Dialogue: 0,0:04:20.32,0:04:22.64,Default,,0000,0000,0000,,mandatory and there is the rule based Dialogue: 0,0:04:22.64,0:04:24.64,Default,,0000,0000,0000,,access control as well if you scroll Dialogue: 0,0:04:24.64,0:04:27.48,Default,,0000,0000,0000,,down you're going to find it Dialogue: 0,0:04:27.48,0:04:30.76,Default,,0000,0000,0000,,maybe rule pay access control so all of Dialogue: 0,0:04:30.76,0:04:32.44,Default,,0000,0000,0000,,these access Dialogue: 0,0:04:32.44,0:04:36.72,Default,,0000,0000,0000,,controls are used depending on the Dialogue: 0,0:04:36.72,0:04:39.36,Default,,0000,0000,0000,,scenario or depending on organization so Dialogue: 0,0:04:39.36,0:04:42.76,Default,,0000,0000,0000,,tiered access model groups your Dialogue: 0,0:04:42.76,0:04:44.84,Default,,0000,0000,0000,,resources based on tiers for example as Dialogue: 0,0:04:44.84,0:04:47.96,Default,,0000,0000,0000,,you can see tier zero includes top Dialogue: 0,0:04:47.96,0:04:50.76,Default,,0000,0000,0000,,level uh resources such as admin Dialogue: 0,0:04:50.76,0:04:53.00,Default,,0000,0000,0000,,accounts domain controller and Dialogue: 0,0:04:53.00,0:04:57.32,Default,,0000,0000,0000,,groups so tier one applications and 
Dialogue: 0,0:04:57.32,0:05:01.56,Default,,0000,0000,0000,,servers tier two and user devices so the Dialogue: 0,0:05:01.56,0:05:04.32,Default,,0000,0000,0000,,higher it goes the less sensitive it Dialogue: 0,0:05:04.32,0:05:07.64,Default,,0000,0000,0000,,becomes so as you can see tier zero it's Dialogue: 0,0:05:07.64,0:05:10.32,Default,,0000,0000,0000,,the highest contains the highest Dialogue: 0,0:05:10.32,0:05:12.24,Default,,0000,0000,0000,,sensitive resources such as admin Dialogue: 0,0:05:12.24,0:05:14.16,Default,,0000,0000,0000,,accounts domain controller and groups so Dialogue: 0,0:05:14.16,0:05:16.16,Default,,0000,0000,0000,,here the question is computers and Dialogue: 0,0:05:16.16,0:05:19.88,Default,,0000,0000,0000,,printers must be added to tier zero nope Dialogue: 0,0:05:19.88,0:05:21.60,Default,,0000,0000,0000,,because computers and printers are end Dialogue: 0,0:05:21.60,0:05:24.24,Default,,0000,0000,0000,,points so we can add them to tier two Dialogue: 0,0:05:24.24,0:05:25.92,Default,,0000,0000,0000,,suppose a vendor arrived at your Dialogue: 0,0:05:25.92,0:05:29.68,Default,,0000,0000,0000,,facility for a twoe duration visit task Dialogue: 0,0:05:29.68,0:05:31.64,Default,,0000,0000,0000,,being a system administrator you should Dialogue: 0,0:05:31.64,0:05:34.80,Default,,0000,0000,0000,,create a high privileged account for him Dialogue: 0,0:05:34.80,0:05:38.16,Default,,0000,0000,0000,,nope because this goes to uh the role Dialogue: 0,0:05:38.16,0:05:40.96,Default,,0000,0000,0000,,ped access control so in role ped Access Dialogue: 0,0:05:40.96,0:05:43.80,Default,,0000,0000,0000,,Control we assign people Dialogue: 0,0:05:43.80,0:05:47.32,Default,,0000,0000,0000,,resources and permissions pays on their Dialogue: 0,0:05:47.32,0:05:50.60,Default,,0000,0000,0000,,uh job and additionally we apply the Dialogue: 0,0:05:50.60,0:05:53.04,Default,,0000,0000,0000,,principle of lease Dialogue: 0,0:05:53.04,0:05:55.32,Default,,0000,0000,0000,,privilege meaning the 
least privileged Dialogue: 0,0:05:55.32,0:05:58.52,Default,,0000,0000,0000,,means that if they don't need access to Dialogue: 0,0:05:58.52,0:06:00.84,Default,,0000,0000,0000,,a certain resource we don't grant them Dialogue: 0,0:06:00.84,0:06:03.16,Default,,0000,0000,0000,,that uh permission to access that Dialogue: 0,0:06:03.16,0:06:05.36,Default,,0000,0000,0000,,resource depending on your job Dialogue: 0,0:06:05.36,0:06:07.88,Default,,0000,0000,0000,,description on your need as Dialogue: 0,0:06:07.88,0:06:12.04,Default,,0000,0000,0000,,well okay so finally the machine Dialogue: 0,0:06:12.04,0:06:13.72,Default,,0000,0000,0000,,started all right so we're going to Dialogue: 0,0:06:13.72,0:06:16.56,Default,,0000,0000,0000,,demonstrate task three now all right so Dialogue: 0,0:06:16.56,0:06:18.08,Default,,0000,0000,0000,,we're going to allow this and we're Dialogue: 0,0:06:18.08,0:06:22.56,Default,,0000,0000,0000,,going to start with the GP Dialogue: 0,0:06:22.56,0:06:25.20,Default,,0000,0000,0000,,edit the group policy editor most of the Dialogue: 0,0:06:25.20,0:06:27.04,Default,,0000,0000,0000,,policies you configure in active Dialogue: 0,0:06:27.04,0:06:30.24,Default,,0000,0000,0000,,directory whether to harden sec cure or Dialogue: 0,0:06:30.24,0:06:33.72,Default,,0000,0000,0000,,even to set certain settings are done Dialogue: 0,0:06:33.72,0:06:36.16,Default,,0000,0000,0000,,via the group policy Dialogue: 0,0:06:36.16,0:06:39.32,Default,,0000,0000,0000,,editor so it's good practice if you uh Dialogue: 0,0:06:39.32,0:06:43.00,Default,,0000,0000,0000,,go over the policies here and understand Dialogue: 0,0:06:43.00,0:06:44.44,Default,,0000,0000,0000,,what every single one of them the Dialogue: 0,0:06:44.44,0:06:46.60,Default,,0000,0000,0000,,purpose of every single one of them so Dialogue: 0,0:06:46.60,0:06:47.80,Default,,0000,0000,0000,,the first thing we're going to do is the Dialogue: 0,0:06:47.80,0:06:50.12,Default,,0000,0000,0000,,Lan hash Dialogue: 
0,0:06:50.12,0:06:52.12,Default,,0000,0000,0000,,manager so here we're going to make sure Dialogue: 0,0:06:52.12,0:06:55.96,Default,,0000,0000,0000,,that Windows stores the hashes for the Dialogue: 0,0:06:55.96,0:06:59.44,Default,,0000,0000,0000,,user's password in the ntlm not the L Dialogue: 0,0:06:59.44,0:07:02.12,Default,,0000,0000,0000,,the LM because the LM is relatively Dialogue: 0,0:07:02.12,0:07:04.96,Default,,0000,0000,0000,,weaker than the NT right and it's Dialogue: 0,0:07:04.96,0:07:06.76,Default,,0000,0000,0000,,vulnerable to Brute Force attacks so we Dialogue: 0,0:07:06.76,0:07:08.40,Default,,0000,0000,0000,,make sure that the passwords or the Dialogue: 0,0:07:08.40,0:07:10.04,Default,,0000,0000,0000,,hashes are Dialogue: 0,0:07:10.04,0:07:13.24,Default,,0000,0000,0000,,stored uh in entty so we're going what Dialogue: 0,0:07:13.24,0:07:14.40,Default,,0000,0000,0000,,we're going to do here we're going to go Dialogue: 0,0:07:14.40,0:07:16.32,Default,,0000,0000,0000,,to computer configuration as you can see Dialogue: 0,0:07:16.32,0:07:17.84,Default,,0000,0000,0000,,here and then we're going to go to Dialogue: 0,0:07:17.84,0:07:20.84,Default,,0000,0000,0000,,policies Windows settings so in Windows Dialogue: 0,0:07:20.84,0:07:23.32,Default,,0000,0000,0000,,settings going to expand Dialogue: 0,0:07:23.32,0:07:26.36,Default,,0000,0000,0000,,this the machine is too slow frustration Dialogue: 0,0:07:26.36,0:07:29.04,Default,,0000,0000,0000,,frustrating okay security settings can Dialogue: 0,0:07:29.04,0:07:32.08,Default,,0000,0000,0000,,highlight this and expand to local Dialogue: 0,0:07:32.08,0:07:34.12,Default,,0000,0000,0000,,policies and if we expand the local Dialogue: 0,0:07:34.12,0:07:36.92,Default,,0000,0000,0000,,policies we go to Security Options and Dialogue: 0,0:07:36.92,0:07:41.84,Default,,0000,0000,0000,,from Security Options here we have the Dialogue: 0,0:07:41.84,0:07:43.56,Default,,0000,0000,0000,,security policies so as you can see Dialogue: 
0,0:07:43.56,0:07:47.76,Default,,0000,0000,0000,,there is one here that's about the uh Dialogue: 0,0:07:47.76,0:07:51.64,Default,,0000,0000,0000,,land manager let's see what it Dialogue: 0,0:07:54.44,0:07:58.52,Default,,0000,0000,0000,,is so it starts with don't store let's Dialogue: 0,0:07:58.52,0:08:01.32,Default,,0000,0000,0000,,see what it is Dialogue: 0,0:08:02.04,0:08:04.76,Default,,0000,0000,0000,,yeah this is done Dialogue: 0,0:08:04.76,0:08:07.08,Default,,0000,0000,0000,,properties so now secure don't store Dialogue: 0,0:08:07.08,0:08:09.48,Default,,0000,0000,0000,,Land manager hash value on next password Dialogue: 0,0:08:09.48,0:08:11.92,Default,,0000,0000,0000,,change so by default this is enabled Dialogue: 0,0:08:11.92,0:08:13.60,Default,,0000,0000,0000,,which is good so make sure on your end Dialogue: 0,0:08:13.60,0:08:16.56,Default,,0000,0000,0000,,this is enabled because you don't want Dialogue: 0,0:08:16.56,0:08:20.40,Default,,0000,0000,0000,,um the password to be stored as LM hash Dialogue: 0,0:08:20.40,0:08:23.08,Default,,0000,0000,0000,,because it's going to be susceptible to Dialogue: 0,0:08:23.08,0:08:24.52,Default,,0000,0000,0000,,Brute Force attacks it's going to be Dialogue: 0,0:08:24.52,0:08:26.72,Default,,0000,0000,0000,,easily cracked all right that's the Dialogue: 0,0:08:26.72,0:08:30.04,Default,,0000,0000,0000,,first thing to securing uh or that's the Dialogue: 0,0:08:30.04,0:08:31.96,Default,,0000,0000,0000,,first thing you can do to secure active Dialogue: 0,0:08:31.96,0:08:35.24,Default,,0000,0000,0000,,directory other thing is SMB signing so Dialogue: 0,0:08:35.24,0:08:38.12,Default,,0000,0000,0000,,SMB as you know server message block is Dialogue: 0,0:08:38.12,0:08:40.48,Default,,0000,0000,0000,,the protocol responsible for file and Dialogue: 0,0:08:40.48,0:08:41.88,Default,,0000,0000,0000,,printer sharing so if you have file Dialogue: 0,0:08:41.88,0:08:44.28,Default,,0000,0000,0000,,sharing printer sharing enabled this Dialogue: 
0,0:08:44.28,0:08:46.40,Default,,0000,0000,0000,,protocol most probably is enabled so the Dialogue: 0,0:08:46.40,0:08:49.16,Default,,0000,0000,0000,,problem is the the communications happen Dialogue: 0,0:08:49.16,0:08:51.68,Default,,0000,0000,0000,,in clear text so it's vable to mitm Dialogue: 0,0:08:51.68,0:08:56.00,Default,,0000,0000,0000,,attack so in order to prevent this we're Dialogue: 0,0:08:56.00,0:08:57.92,Default,,0000,0000,0000,,going to need to configure some security Dialogue: 0,0:08:57.92,0:08:59.44,Default,,0000,0000,0000,,policies again we go to back back to Dialogue: 0,0:08:59.44,0:09:02.32,Default,,0000,0000,0000,,window settings and then to security Dialogue: 0,0:09:02.32,0:09:07.88,Default,,0000,0000,0000,,settings back to local policies Security Dialogue: 0,0:09:08.56,0:09:12.52,Default,,0000,0000,0000,,Options and we're going to look for the Dialogue: 0,0:09:12.52,0:09:14.32,Default,,0000,0000,0000,,digital sign digitally signed Dialogue: 0,0:09:14.32,0:09:16.76,Default,,0000,0000,0000,,communication let's see what it is Dialogue: 0,0:09:16.76,0:09:20.20,Default,,0000,0000,0000,,digitally sign secure Dialogue: 0,0:09:20.72,0:09:24.32,Default,,0000,0000,0000,,Channel Microsoft Dialogue: 0,0:09:24.36,0:09:27.24,Default,,0000,0000,0000,,network this is the one digitally sign Dialogue: 0,0:09:27.24,0:09:30.24,Default,,0000,0000,0000,,communication properties and is disabled Dialogue: 0,0:09:30.24,0:09:32.32,Default,,0000,0000,0000,,so we're going to make sure this is Dialogue: 0,0:09:32.32,0:09:35.68,Default,,0000,0000,0000,,enabled explain go to explain going you Dialogue: 0,0:09:35.68,0:09:37.96,Default,,0000,0000,0000,,can see more information about this Dialogue: 0,0:09:37.96,0:09:40.60,Default,,0000,0000,0000,,digitally sign Communications the Dialogue: 0,0:09:40.60,0:09:42.44,Default,,0000,0000,0000,,security setting determines whether Dialogue: 0,0:09:42.44,0:09:44.76,Default,,0000,0000,0000,,packet signing is required by the SB Dialogue: 
0,0:09:44.76,0:09:46.76,Default,,0000,0000,0000,,client Dialogue: 0,0:09:46.76,0:09:48.92,Default,,0000,0000,0000,,component so you want to you want the Dialogue: 0,0:09:48.92,0:09:50.88,Default,,0000,0000,0000,,communications through theb to be signed Dialogue: 0,0:09:50.88,0:09:53.16,Default,,0000,0000,0000,,and not vulnerable to mitm so you need Dialogue: 0,0:09:53.16,0:09:57.24,Default,,0000,0000,0000,,to or therefore you need to enable Dialogue: 0,0:09:57.60,0:09:59.64,Default,,0000,0000,0000,,this all right Dialogue: 0,0:09:59.64,0:10:02.84,Default,,0000,0000,0000,,another thing to securing uh protocols Dialogue: 0,0:10:02.84,0:10:05.76,Default,,0000,0000,0000,,in active directory is the lb protocol Dialogue: 0,0:10:05.76,0:10:08.16,Default,,0000,0000,0000,,so lb is the main protocol directory is Dialogue: 0,0:10:08.16,0:10:10.64,Default,,0000,0000,0000,,based on it's the light lightweight Dialogue: 0,0:10:10.64,0:10:14.40,Default,,0000,0000,0000,,directory access protocol so also we Dialogue: 0,0:10:14.40,0:10:17.00,Default,,0000,0000,0000,,want to PR secure the communications Dialogue: 0,0:10:17.00,0:10:19.84,Default,,0000,0000,0000,,based on that protocol for mitm attacks Dialogue: 0,0:10:19.84,0:10:20.84,Default,,0000,0000,0000,,so what we're going to do we're going Dialogue: 0,0:10:20.84,0:10:23.44,Default,,0000,0000,0000,,need also to enable the signing of these Dialogue: 0,0:10:23.44,0:10:26.84,Default,,0000,0000,0000,,communications so on the same uh pain Dialogue: 0,0:10:26.84,0:10:28.68,Default,,0000,0000,0000,,here we're going to need to find domain Dialogue: 0,0:10:28.68,0:10:31.64,Default,,0000,0000,0000,,control rer section and then we're going Dialogue: 0,0:10:31.64,0:10:34.84,Default,,0000,0000,0000,,to look for elab Server Channel binding Dialogue: 0,0:10:34.84,0:10:38.84,Default,,0000,0000,0000,,tokens yeah elab server signing Dialogue: 0,0:10:42.20,0:10:44.52,Default,,0000,0000,0000,,requirements so modifying the setting Dialogue: 
0,0:10:44.52,0:10:46.04,Default,,0000,0000,0000,,may affect compatibility with the Dialogue: 0,0:10:46.04,0:10:48.84,Default,,0000,0000,0000,,clients so here it doesn't allow me to Dialogue: 0,0:10:48.84,0:10:50.64,Default,,0000,0000,0000,,enable it for some reason related to Dialogue: 0,0:10:50.64,0:10:53.44,Default,,0000,0000,0000,,this explanation but usually this needs Dialogue: 0,0:10:53.44,0:10:55.84,Default,,0000,0000,0000,,to be Dialogue: 0,0:10:56.40,0:10:59.80,Default,,0000,0000,0000,,enabled and to the most important part Dialogue: 0,0:10:59.80,0:11:02.40,Default,,0000,0000,0000,,is of this video is the password Dialogue: 0,0:11:02.40,0:11:04.72,Default,,0000,0000,0000,,policies so password policies can be Dialogue: 0,0:11:04.72,0:11:08.52,Default,,0000,0000,0000,,configured from the oh we're going to go Dialogue: 0,0:11:08.52,0:11:10.64,Default,,0000,0000,0000,,back to security headings and we're Dialogue: 0,0:11:10.64,0:11:12.76,Default,,0000,0000,0000,,going to check on account policies so Dialogue: 0,0:11:12.76,0:11:14.48,Default,,0000,0000,0000,,account Poli there is account there is Dialogue: 0,0:11:14.48,0:11:16.40,Default,,0000,0000,0000,,password policy here and from here you Dialogue: 0,0:11:16.40,0:11:19.64,Default,,0000,0000,0000,,can configure the minimum uh and maximum Dialogue: 0,0:11:19.64,0:11:22.16,Default,,0000,0000,0000,,length of the password the complexity Dialogue: 0,0:11:22.16,0:11:24.24,Default,,0000,0000,0000,,the age so on and so forth for example Dialogue: 0,0:11:24.24,0:11:26.60,Default,,0000,0000,0000,,as you can see here the Min maximum age Dialogue: 0,0:11:26.60,0:11:29.68,Default,,0000,0000,0000,,of the pass is 42 days which means after Dialogue: 0,0:11:29.68,0:11:32.56,Default,,0000,0000,0000,,42 days your users will be prompted to Dialogue: 0,0:11:32.56,0:11:35.16,Default,,0000,0000,0000,,change their Dialogue: 0,0:11:35.16,0:11:37.28,Default,,0000,0000,0000,,password that's the maximum age and Dialogue: 
0,0:11:37.28,0:11:39.04,Default,,0000,0000,0000,,that's the minimum age minimum age is Dialogue: 0,0:11:39.04,0:11:41.12,Default,,0000,0000,0000,,one meaning you cannot change your Dialogue: 0,0:11:41.12,0:11:44.12,Default,,0000,0000,0000,,password uh during the first day of the Dialogue: 0,0:11:44.12,0:11:46.40,Default,,0000,0000,0000,,assignment and you have minimum password Dialogue: 0,0:11:46.40,0:11:49.12,Default,,0000,0000,0000,,link is seven Dialogue: 0,0:11:49.56,0:11:53.08,Default,,0000,0000,0000,,characters so these are the uh some Dialogue: 0,0:11:53.08,0:11:54.96,Default,,0000,0000,0000,,settings you can see and you askk there Dialogue: 0,0:11:54.96,0:11:57.28,Default,,0000,0000,0000,,are some questions to answer so we Dialogue: 0,0:11:57.28,0:12:00.08,Default,,0000,0000,0000,,scroll down change CH the yeah what is Dialogue: 0,0:12:00.08,0:12:02.24,Default,,0000,0000,0000,,the default minimum password length it Dialogue: 0,0:12:02.24,0:12:04.64,Default,,0000,0000,0000,,was seven as you can see Dialogue: 0,0:12:04.64,0:12:08.80,Default,,0000,0000,0000,,here going back showing it one more time Dialogue: 0,0:12:08.80,0:12:11.76,Default,,0000,0000,0000,,to you guys so seven characters all Dialogue: 0,0:12:11.76,0:12:14.16,Default,,0000,0000,0000,,right so these are these are some Dialogue: 0,0:12:14.16,0:12:16.24,Default,,0000,0000,0000,,policies that you can enable to harden Dialogue: 0,0:12:16.24,0:12:19.80,Default,,0000,0000,0000,,your active directory or to maybe secure Dialogue: 0,0:12:19.80,0:12:22.24,Default,,0000,0000,0000,,the authentication so additionally there Dialogue: 0,0:12:22.24,0:12:25.72,Default,,0000,0000,0000,,is in Task 5 there is this nice new tool Dialogue: 0,0:12:25.72,0:12:27.56,Default,,0000,0000,0000,,that I haven't heard before it is a Dialogue: 0,0:12:27.56,0:12:31.24,Default,,0000,0000,0000,,Microsoft security compliance tool kit Dialogue: 0,0:12:31.24,0:12:33.36,Default,,0000,0000,0000,,so this Dialogue: 
0,0:12:33.36,0:12:38.00,Default,,0000,0000,0000,,tool let's go to the relative folder Dialogue: 0,0:12:38.28,0:12:42.36,Default,,0000,0000,0000,,scripts open that Dialogue: 0,0:12:43.24,0:12:46.00,Default,,0000,0000,0000,,okay opening the link of the tool so if Dialogue: 0,0:12:46.00,0:12:48.40,Default,,0000,0000,0000,,you download this tool it will give you Dialogue: 0,0:12:48.40,0:12:50.72,Default,,0000,0000,0000,,recommendations and give you ready Dialogue: 0,0:12:50.72,0:12:53.24,Default,,0000,0000,0000,,templates so that you download them and Dialogue: 0,0:12:53.24,0:12:54.72,Default,,0000,0000,0000,,configure active directory if you don't Dialogue: 0,0:12:54.72,0:12:56.80,Default,,0000,0000,0000,,know what to what to do and what Dialogue: 0,0:12:56.80,0:12:59.28,Default,,0000,0000,0000,,policies to configure you can uh Dialogue: 0,0:12:59.28,0:13:02.76,Default,,0000,0000,0000,,download this tool and retrieve ready Dialogue: 0,0:13:02.76,0:13:05.48,Default,,0000,0000,0000,,templates to configure for example on Dialogue: 0,0:13:05.48,0:13:08.48,Default,,0000,0000,0000,,Group Policy there are already readymade Dialogue: 0,0:13:08.48,0:13:12.24,Default,,0000,0000,0000,,um uh configurations for example here Dialogue: 0,0:13:12.24,0:13:15.72,Default,,0000,0000,0000,,Windows Server 2019 security Baseline Dialogue: 0,0:13:15.72,0:13:18.56,Default,,0000,0000,0000,,downloaded from the tool itself Dialogue: 0,0:13:18.56,0:13:22.28,Default,,0000,0000,0000,,so to illustrate further in the figures Dialogue: 0,0:13:22.28,0:13:23.56,Default,,0000,0000,0000,,here as you can see when you run this Dialogue: 0,0:13:23.56,0:13:26.32,Default,,0000,0000,0000,,tool it gives you the Dialogue: 0,0:13:26.32,0:13:29.40,Default,,0000,0000,0000,,templates now here Windows server 22 Dialogue: 0,0:13:29.40,0:13:32.92,Default,,0000,0000,0000,,security peline zip this is zip file and Dialogue: 0,0:13:32.92,0:13:35.40,Default,,0000,0000,0000,,it was downloaded to this machine and Dialogue: 
0,0:13:35.40,0:13:37.48,Default,,0000,0000,0000,,once downloaded you can see the relative Dialogue: 0,0:13:37.48,0:13:39.88,Default,,0000,0000,0000,,folder if you open it and go to local Dialogue: 0,0:13:39.88,0:13:42.36,Default,,0000,0000,0000,,scripts you can see the partial script Dialogue: 0,0:13:42.36,0:13:46.96,Default,,0000,0000,0000,,that if you um run it will configure uh Dialogue: 0,0:13:46.96,0:13:50.12,Default,,0000,0000,0000,,the uh configurations set on this Bas Dialogue: 0,0:13:50.12,0:13:52.52,Default,,0000,0000,0000,,line so the P line it's actually Dialogue: 0,0:13:52.52,0:13:54.80,Default,,0000,0000,0000,,collection and combination of Dialogue: 0,0:13:54.80,0:13:56.84,Default,,0000,0000,0000,,configurations that makes sure your Dialogue: 0,0:13:56.84,0:14:00.92,Default,,0000,0000,0000,,Windows server is secure Bas on specific Dialogue: 0,0:14:00.92,0:14:03.88,Default,,0000,0000,0000,,Baseline right and you can use this as a Dialogue: 0,0:14:03.88,0:14:05.96,Default,,0000,0000,0000,,start if you don't know what to do Dialogue: 0,0:14:05.96,0:14:09.96,Default,,0000,0000,0000,,additionally there is the policy Dialogue: 0,0:14:09.96,0:14:14.12,Default,,0000,0000,0000,,analyzer again Guys these are uh can be Dialogue: 0,0:14:14.12,0:14:16.16,Default,,0000,0000,0000,,downloaded by running the tool on your Dialogue: 0,0:14:16.16,0:14:18.04,Default,,0000,0000,0000,,machine and then selecting the Dialogue: 0,0:14:18.04,0:14:20.04,Default,,0000,0000,0000,,configuration you want to download it be Dialogue: 0,0:14:20.04,0:14:21.44,Default,,0000,0000,0000,,downloaded in zip file and you can Dialogue: 0,0:14:21.44,0:14:23.80,Default,,0000,0000,0000,,extract and see it this way so policy Dialogue: 0,0:14:23.80,0:14:25.72,Default,,0000,0000,0000,,analyzer analyzes the group policy Dialogue: 0,0:14:25.72,0:14:30.68,Default,,0000,0000,0000,,settings in your environment okay Dialogue: 0,0:14:31.28,0:14:35.32,Default,,0000,0000,0000,,and as you can see here there 
are the Dialogue: 0,0:14:37.04,0:14:39.08,Default,,0000,0000,0000,,demonstrations so if you go back here to Dialogue: 0,0:14:39.08,0:14:41.64,Default,,0000,0000,0000,,policy analyzer you can see these are Dialogue: 0,0:14:41.64,0:14:44.72,Default,,0000,0000,0000,,the uh scripts that if you run we Dialogue: 0,0:14:44.72,0:14:47.60,Default,,0000,0000,0000,,configure your group policy based on the Dialogue: 0,0:14:47.60,0:14:49.80,Default,,0000,0000,0000,,settings let's go over one of them so if Dialogue: 0,0:14:49.80,0:14:52.72,Default,,0000,0000,0000,,you go back to Windows Server security Dialogue: 0,0:14:52.72,0:14:56.68,Default,,0000,0000,0000,,Baseline and check the Dialogue: 0,0:14:57.68,0:15:01.32,Default,,0000,0000,0000,,gpos so as you can see these gpos can be Dialogue: 0,0:15:01.32,0:15:03.84,Default,,0000,0000,0000,,directly imported to your group policy Dialogue: 0,0:15:03.84,0:15:07.84,Default,,0000,0000,0000,,editor based on the machine and the Dialogue: 0,0:15:09.60,0:15:13.92,Default,,0000,0000,0000,,user if you open this in XML Dialogue: 0,0:15:20.28,0:15:24.32,Default,,0000,0000,0000,,format hopefully it's going to Dialogue: 0,0:15:27.60,0:15:29.92,Default,,0000,0000,0000,,open Dialogue: 0,0:15:29.92,0:15:33.52,Default,,0000,0000,0000,,yeah see guys these are Dialogue: 0,0:15:33.52,0:15:36.52,Default,,0000,0000,0000,,the Dialogue: 0,0:15:37.08,0:15:39.36,Default,,0000,0000,0000,,configurations now the best thing to do Dialogue: 0,0:15:39.36,0:15:42.04,Default,,0000,0000,0000,,is to import them to your security or to Dialogue: 0,0:15:42.04,0:15:46.88,Default,,0000,0000,0000,,to the the uh Group Policy editor Dialogue: 0,0:15:46.88,0:15:49.76,Default,,0000,0000,0000,,lgpo as you can see is an executable Dialogue: 0,0:15:49.76,0:15:52.48,Default,,0000,0000,0000,,file all right so on the task here there Dialogue: 0,0:15:52.48,0:15:55.12,Default,,0000,0000,0000,,is find an open Baseline local and Dialogue: 
0,0:15:55.12,0:15:58.20,Default,,0000,0000,0000,,install script and find the flag let's Dialogue: 0,0:15:58.20,0:15:59.72,Default,,0000,0000,0000,,go here and see where is that script Dialogue: 0,0:15:59.72,0:16:02.08,Default,,0000,0000,0000,,local script and there is Baseline local Dialogue: 0,0:16:02.08,0:16:04.68,Default,,0000,0000,0000,,and install let's open this and see what Dialogue: 0,0:16:04.68,0:16:06.84,Default,,0000,0000,0000,,it Dialogue: 0,0:16:17.96,0:16:21.20,Default,,0000,0000,0000,,does okay so the description says Dialogue: 0,0:16:21.20,0:16:23.04,Default,,0000,0000,0000,,applies a Windows security configuration Dialogue: 0,0:16:23.04,0:16:25.96,Default,,0000,0000,0000,,peline to a local Group Dialogue: 0,0:16:25.96,0:16:28.36,Default,,0000,0000,0000,,Policy execute the script with one of Dialogue: 0,0:16:28.36,0:16:30.60,Default,,0000,0000,0000,,the required command line switches to Dialogue: 0,0:16:30.60,0:16:33.28,Default,,0000,0000,0000,,install the corresponding pay Dialogue: 0,0:16:33.28,0:16:37.12,Default,,0000,0000,0000,,line so here you specify you execute Dialogue: 0,0:16:37.12,0:16:39.88,Default,,0000,0000,0000,,this either on a domain controller or in Dialogue: 0,0:16:39.88,0:16:42.60,Default,,0000,0000,0000,,a domain joined machine requirements Dialogue: 0,0:16:42.60,0:16:44.76,Default,,0000,0000,0000,,partial execution Dialogue: 0,0:16:44.76,0:16:47.04,Default,,0000,0000,0000,,policy domain join machine and this is Dialogue: 0,0:16:47.04,0:16:49.80,Default,,0000,0000,0000,,the flag so as you can see guys these Dialogue: 0,0:16:49.80,0:16:51.60,Default,,0000,0000,0000,,are set of configurations that will be Dialogue: 0,0:16:51.60,0:16:54.04,Default,,0000,0000,0000,,applied on any domain or any computer Dialogue: 0,0:16:54.04,0:16:55.28,Default,,0000,0000,0000,,you apply it Dialogue: 0,0:16:55.28,0:16:57.64,Default,,0000,0000,0000,,to and it will configure the group Dialogue: 0,0:16:57.64,0:17:00.32,Default,,0000,0000,0000,,policy 
based on the mentioned Dialogue: 0,0:17:00.32,0:17:03.12,Default,,0000,0000,0000,,configurations Dialogue: 0,0:17:10.20,0:17:12.44,Default,,0000,0000,0000,,here Dialogue: 0,0:17:12.44,0:17:16.16,Default,,0000,0000,0000,,okay the other question find and open Dialogue: 0,0:17:16.16,0:17:18.32,Default,,0000,0000,0000,,merge policy rule Dialogue: 0,0:17:18.32,0:17:21.40,Default,,0000,0000,0000,,script imported from policy analyzer Dialogue: 0,0:17:21.40,0:17:24.00,Default,,0000,0000,0000,,in PowerShell Dialogue: 0,0:17:26.88,0:17:31.28,Default,,0000,0000,0000,,editor so back back to policy Dialogue: 0,0:17:31.28,0:17:33.88,Default,,0000,0000,0000,,analyzer can check the scripts merge Dialogue: 0,0:17:33.88,0:17:35.96,Default,,0000,0000,0000,,policy let's take a look at the uh Dialogue: 0,0:17:35.96,0:17:40.36,Default,,0000,0000,0000,,script here what it does so merge policy Dialogue: 0,0:17:40.40,0:17:44.08,Default,,0000,0000,0000,,analyzer policy files what merge policy Dialogue: 0,0:17:44.08,0:17:46.44,Default,,0000,0000,0000,,analyzer policy rules files into one Dialogue: 0,0:17:46.44,0:17:49.12,Default,,0000,0000,0000,,policy rules set written into the Dialogue: 0,0:17:49.12,0:17:51.80,Default,,0000,0000,0000,,pipeline so one of the things that Dialogue: 0,0:17:51.80,0:17:54.20,Default,,0000,0000,0000,,policy analyzer does is that Dialogue: 0,0:17:54.20,0:17:57.92,Default,,0000,0000,0000,,it gets rid of redundant uh policies Dialogue: 0,0:17:57.92,0:18:00.00,Default,,0000,0000,0000,,configured in Dialogue: 0,0:18:00.00,0:18:02.40,Default,,0000,0000,0000,,GP and if you scroll down as you can see Dialogue: 0,0:18:02.40,0:18:04.80,Default,,0000,0000,0000,,this is the Dialogue: 0,0:18:06.08,0:18:08.80,Default,,0000,0000,0000,,flag uh other questions we have to ask Dialogue: 0,0:18:08.80,0:18:11.08,Default,,0000,0000,0000,,so these are the common attacks against Dialogue: 0,0:18:11.08,0:18:12.52,Default,,0000,0000,0000,,Active Directory we have discussed many Dialogue: 
0,0:18:12.52,0:18:14.12,Default,,0000,0000,0000,,rooms on Active Directory penetration Dialogue: 0,0:18:14.12,0:18:15.80,Default,,0000,0000,0000,,testing we can get back to them guys and Dialogue: 0,0:18:15.80,0:18:19.32,Default,,0000,0000,0000,,see how uh attacks are conducted against Dialogue: 0,0:18:19.32,0:18:21.76,Default,,0000,0000,0000,,these kind of environments so does Kerberoasting Dialogue: 0,0:18:21.76,0:18:23.48,Default,,0000,0000,0000,,utilize an offline attack Dialogue: 0,0:18:23.48,0:18:25.52,Default,,0000,0000,0000,,scheme for cracking encrypted passwords we Dialogue: 0,0:18:25.52,0:18:26.88,Default,,0000,0000,0000,,explained previously guys about Kerberoasting Dialogue: 0,0:18:26.88,0:18:30.44,Default,,0000,0000,0000,,just go through this again and Dialogue: 0,0:18:30.44,0:18:32.12,Default,,0000,0000,0000,,the answer is yes it's offline because Dialogue: 0,0:18:32.12,0:18:34.44,Default,,0000,0000,0000,,at the end you you you will you take the Dialogue: 0,0:18:34.44,0:18:37.04,Default,,0000,0000,0000,,ticket and you crack it offline as per Dialogue: 0,0:18:37.04,0:18:39.12,Default,,0000,0000,0000,,the generated report how many users have Dialogue: 0,0:18:39.12,0:18:41.84,Default,,0000,0000,0000,,the same password as Aaron Booth so for Dialogue: 0,0:18:41.84,0:18:43.60,Default,,0000,0000,0000,,you guys who are asking where is the Dialogue: 0,0:18:43.60,0:18:47.44,Default,,0000,0000,0000,,report the report is here if you go Dialogue: 0,0:18:47.44,0:18:50.92,Default,,0000,0000,0000,,to the image here you click on it and Dialogue: 0,0:18:50.92,0:18:52.56,Default,,0000,0000,0000,,see this is the Dialogue: 0,0:18:52.56,0:18:55.88,Default,,0000,0000,0000,,report these are the Dialogue: 0,0:18:55.88,0:18:59.60,Default,,0000,0000,0000,,usernames who who have the same password Dialogue: 0,0:18:59.60,0:19:02.76,Default,,0000,0000,0000,,as you can see Aaron Dialogue: 0,0:19:02.76,0:19:04.96,Default,,0000,0000,0000,,Booth the number of accounts with the Dialogue: 
0,0:19:04.96,0:19:07.84,Default,,0000,0000,0000,,same password is Dialogue: 0,0:19:08.16,0:19:11.72,Default,,0000,0000,0000,,186 and lastly this is cheat sheet from Dialogue: 0,0:19:11.72,0:19:16.16,Default,,0000,0000,0000,,TryHackMe you can download it to uh take Dialogue: 0,0:19:16.16,0:19:17.48,Default,,0000,0000,0000,,a look at more details on active Dialogue: 0,0:19:17.48,0:19:21.48,Default,,0000,0000,0000,,directory hardening so that was it guys Dialogue: 0,0:19:21.48,0:19:23.88,Default,,0000,0000,0000,,I hope you enjoyed the video and Dialogue: 0,0:19:23.88,0:19:25.52,Default,,0000,0000,0000,,definitely I'm going to see you later to Dialogue: 0,0:19:25.52,0:19:28.60,Default,,0000,0000,0000,,complete this track