What's going on guys, welcome back to this video. Today we're doing again a TryHackMe video and we're going to focus on the security engineer track. So we have reached the Active Directory hardening and it's going to be the subject of this video. So there are some discussed methods, and I say some because there are many methods to harden and secure Active Directory, meaning Windows Server with Active Directory, but here there are some methods that are discussed. We're going to go over these methods and we're going to answer a couple of questions. Going to try to make this as simple as I can. And for my members I released a new note file; it is under the blue team track, the Blue Team notes, and the name is Windows Security. We'll be finding this in the Google Drive notes. All right, let's get back to the room.

So we have a machine to spawn; we're going to click on start the machine. So basically task two is about concepts on Active Directory, so it's not a comprehensive list, it doesn't contain everything about Active Directory, but you know, if you are going through Active Directory hardening you must know what is a domain, a domain controller, and the definition of trees and forests. We're going to talk about this, but there are two questions here. One question: what is the root domain in the THM AD machine? So basically here, let's see. Yeah, the machine is still starting. So here we have tryhackme.loc is the root domain, and za.tryhackme is not the subdomain, it's called the child domain. So both these domains exist under the same tree; we call this a tree because it contains more than one domain.

Now the subject of this video will be on securing authentication methods and the other tasks. So let's first make sure that the machine is up and running; going to click on split view. Okay, so going to task three. So in task three we have the LAN Manager hash, SMB signing, LDAP signing, password policies and rotation, and some suggestions on password policies. So these are settings that you can configure on your Active Directory to make sure that the authentication process is secure, meaning MITM attacks have little to no chance to succeed; at the same time you configure a strong password policy for your users.

Simultaneously, in task four here they talk about the general security concepts, so for example the role-based access control, the methods of access control, the principle of least privilege. All of these are general security controls that you can apply to Active Directory or Windows Server Active Directory, and here there are two questions. So: computers and printers must be added to tier zero. So here it's about the tiered access model. Now the tiered access model is not discussed in CompTIA Security+. So here I'm preparing for you guys a note file to prepare for CompTIA Security+. So here in CompTIA Security+ there are certain models for access control. Oh my God, many things about access control, access control methods, models, just too hard to find them. MAC. Okay, as you can see guys, in CompTIA Security+ we discuss discretionary access control, role-based, mandatory, and there is the rule-based access control as well; if you scroll down you're going to find it, maybe rule-based access control. So all of these access controls are used depending on the scenario or depending on the organization.

So the tiered access model groups your resources based on tiers. For example, as you can see, tier zero includes top-level resources such as admin accounts, domain controller and groups; tier one, applications and servers; tier two, end user devices. So the higher it goes the less sensitive it becomes. So as you can see tier zero is the highest; it contains the highest sensitive resources such as admin accounts, domain controller and groups. So here the question is: computers and printers must be added to tier zero? Nope, because computers and printers are endpoints, so we can add them to tier two. Suppose a vendor arrived at your facility for a two-week duration visit task; being a system administrator, you should create a high privileged account for him? Nope, because this goes to the role-based access control. So in role-based access control we assign people resources and permissions based on their job, and additionally we apply the principle of least privilege, meaning the least privilege means that if they don't need access to a certain resource we don't grant them that permission to access that resource, depending on your job description, on your need as well.

Okay, so finally the machine started. All right, so we're going to demonstrate task three now. All right, so we're going to allow this and we're going to start with gpedit, the Group Policy editor. Most of the policies you configure in Active Directory, whether to harden, secure, or even to set certain settings, are done via the Group Policy editor. So it's good practice if you go over the policies here and understand the purpose of every single one of them.

So the first thing we're going to do is the LAN Manager hash. So here we're going to make sure that Windows stores the hashes for the user's password in the NTLM, not the LM, because the LM is relatively weaker than the NT, right, and it's vulnerable to brute force attacks. So we make sure that the passwords or the hashes are stored in NT. So what we're going to do here: we're going to go to Computer Configuration, as you can see here, and then we're going to go to Policies, Windows Settings. So in Windows Settings, going to expand this. The machine is too slow, frustrating. Okay, Security Settings; can highlight this and expand to Local Policies, and if we expand the Local Policies we go to Security Options, and from Security Options here we have the security policies. So as you can see there is one here that's about the LAN Manager. Let's see what it is. So it starts with "do not store", let's see what it is. Yeah, this is done. Properties. So "Network security: Do not store LAN Manager hash value on next password change". So by default this is enabled, which is good, so make sure on your end this is enabled, because you don't want the password to be stored as an LM hash, because it's going to be susceptible to brute force attacks; it's going to be easily cracked. All right, that's the first thing you can do to secure Active Directory.

The other thing is SMB signing. So SMB, as you know, Server Message Block, is the protocol responsible for file and printer sharing. So if you have file sharing, printer sharing enabled, this protocol most probably is enabled. So the problem is the communications happen in clear text, so it's vulnerable to MITM attack. So in order to prevent this we're going to need to configure some security policies. Again we go back to Windows Settings and then to Security Settings, back to Local Policies, Security Options, and we're going to look for the "digitally sign communications". Let's see what it is: "digitally sign secure channel", "Microsoft network..." this is the one, "digitally sign communications" properties, and it is disabled, so we're going to make sure this is enabled. Go to Explain; you can see more information about this. "Digitally sign communications: this security setting determines whether packet signing is required by the SMB client component." So you want the communications through SMB to be signed and not vulnerable to MITM, therefore you need to enable this.

All right, another thing to securing protocols in Active Directory is the LDAP protocol. So LDAP is the main protocol Active Directory is based on; it's the Lightweight Directory Access Protocol. So also we want to secure the communications based on that protocol from MITM attacks. So what we're going to need also is to enable the signing of these communications. So on the same pane here we're going to need to find the Domain Controller section, and then we're going to look for "LDAP server channel binding token requirements", yeah, "LDAP server signing requirements". So "modifying this setting may affect compatibility with clients". So here it doesn't allow me to enable it for some reason related to this explanation, but usually this needs to be enabled.

And the most important part of this video is the password policies. So password policies can be configured from... oh, we're going to go back to Security Settings and we're going to check on Account Policies. So in Account Policies there is Password Policy here, and from here you can configure the minimum and maximum length of the password, the complexity, the age, so on and so forth. For example, as you can see here, the maximum age of the password is 42 days, which means after 42 days your users will be prompted to change their password; that's the maximum age. And that's the minimum age: minimum age is one, meaning you cannot change your password during the first day of the assignment. And you have minimum password length is seven characters. So these are some settings you can see, and there are some questions to answer. So we scroll down... yeah, what is the default minimum password length? It was seven, as you can see here. Going back, showing it one more time to you guys, so seven characters. All right, so these are some policies that you can enable to harden your Active Directory or to secure the authentication.

So additionally, in task 5 there is this nice new tool that I haven't heard of before; it is the Microsoft Security Compliance Toolkit. So this tool... let's go to the relative folder, scripts, open that. Okay, opening the link of the tool. So if you download this tool it will give you recommendations and give you ready templates so that you download them and configure Active Directory. If you don't know what to do and what policies to configure, you can download this tool and retrieve ready templates to configure; for example, on Group Policy there are already ready-made configurations, for example here Windows Server 2019 Security Baseline, downloaded from the tool itself. So to illustrate further, in the figures here as you can see, when you run this tool it gives you the templates. Now here, Windows Server 2022 Security Baseline zip; this is a zip file and it was downloaded to this machine, and once downloaded you can see the relative folder. If you open it and go to local scripts you can see the PowerShell script that, if you run it, will configure the configurations set on this baseline. So the baseline is actually a collection and combination of configurations that makes sure your Windows Server is secure based on a specific baseline, right, and you can use this as a start if you don't know what to do.

Additionally there is the Policy Analyzer. Again guys, these can be downloaded by running the tool on your machine and then selecting the configuration you want to download; it'll be downloaded in a zip file and you can extract and see it this way. So Policy Analyzer analyzes the Group Policy settings in your environment. Okay, and as you can see here there are the demonstrations. So if you go back here to Policy Analyzer you can see these are the scripts that, if you run, will configure your Group Policy based on the settings. Let's go over one of them. So if you go back to Windows Server Security Baseline and check the GPOs, as you can see these GPOs can be directly imported to your Group Policy editor based on the machine and the user. If you open this in XML format... hopefully it's going to open. Yeah, see guys, these are the configurations. Now the best thing to do is to import them to your security, or to the Group Policy editor. LGPO, as you can see, is an executable file.

All right, so on the task here there is: find and open the Baseline-LocalInstall script and find the flag. Let's go here and see where is that script: local scripts, and there is Baseline-LocalInstall. Let's open this and see what it does. Okay, so the description says: applies a Windows security configuration baseline to local Group Policy. Execute the script with one of the required command line switches to install the corresponding baseline. So here you specify, you execute this either on a domain controller or on a domain-joined machine. Requirements: PowerShell execution policy, domain-joined machine, and this is the flag. So as you can see guys, these are a set of configurations that will be applied on any domain or any computer you apply it to, and it will configure the Group Policy based on the mentioned configurations here.

Okay, the other question: find and open the merge policy rules script imported from Policy Analyzer in the PowerShell editor. So back to Policy Analyzer; can check the scripts, merge policy. Let's take a look at the script here, what it does. So merge Policy Analyzer policy files; what: merges Policy Analyzer policy rules files into one policy rules set written into the pipeline. So one of the things that Policy Analyzer does is that it gets rid of redundant policies configured in GPO, and if you scroll down, as you can see, this is the flag.

Other questions we have to answer: so these are the common attacks against Active Directory. We have discussed many rooms on Active Directory penetration testing; we can get back to them guys and see how attacks are conducted against these kinds of environments. So: does Kerberoasting utilize an offline attack scheme for cracking encrypted passwords? We explained previously guys about Kerberoasting; just go through this again, and the answer is yes, it's offline, because at the end you take the ticket and you crack it offline. As per the generated report, how many users have the same password as Aaron Booth? So for you guys who are asking where is the report, the report is here: if you go to the image here, you click on it and see, this is the report. These are the usernames who have the same password; as you can see, Aaron Booth, the number of accounts with the same password is 186. And lastly, this is a cheat sheet from TryHackMe; you can download it to take a look at more details on Active Directory hardening. So that was it guys, I hope you enjoyed the video, and definitely I'm going to see you later to complete this track.