[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.80,0:00:02.60,Default,,0000,0000,0000,,What's going on, guys? Welcome back to
Dialogue: 0,0:00:02.60,0:00:05.67,Default,,0000,0000,0000,,this video. Today, we're doing another TryHackMe video,
Dialogue: 0,0:00:05.67,0:00:07.00,Default,,0000,0000,0000,,and we're going to focus
Dialogue: 0,0:00:07.00,0:00:09.40,Default,,0000,0000,0000,,on the Security Engineer track. We
Dialogue: 0,0:00:09.40,0:00:11.00,Default,,0000,0000,0000,,have reached Active Directory
Dialogue: 0,0:00:11.00,0:00:12.76,Default,,0000,0000,0000,,hardening, which will be the
Dialogue: 0,0:00:12.76,0:00:15.52,Default,,0000,0000,0000,,subject of this video. There are some methods
Dialogue: 0,0:00:15.52,0:00:16.84,Default,,0000,0000,0000,,discussed,
Dialogue: 0,0:00:16.84,0:00:19.04,Default,,0000,0000,0000,,and I say "some" because there are
Dialogue: 0,0:00:19.04,0:00:22.20,Default,,0000,0000,0000,,many methods to harden and secure Active
Dialogue: 0,0:00:22.20,0:00:25.36,Default,,0000,0000,0000,,Directory, meaning Windows Server
Dialogue: 0,0:00:25.36,0:00:27.80,Default,,0000,0000,0000,,with Active Directory. But here there are
Dialogue: 0,0:00:27.80,0:00:29.16,Default,,0000,0000,0000,,some methods that are discussed. We're
Dialogue: 0,0:00:29.16,0:00:30.40,Default,,0000,0000,0000,,going to go over these methods and we're
Dialogue: 0,0:00:30.40,0:00:32.20,Default,,0000,0000,0000,,going to answer a couple questions and
Dialogue: 0,0:00:32.20,0:00:34.72,Default,,0000,0000,0000,,try to make this as simple as I
Dialogue: 0,0:00:34.72,0:00:39.00,Default,,0000,0000,0000,,can. And for my members, I released a new
Dialogue: 0,0:00:39.00,0:00:42.28,Default,,0000,0000,0000,,note file. It's under the Blue Team
Dialogue: 0,0:00:42.28,0:00:45.64,Default,,0000,0000,0000,,track, in the Blue Team notes, and it's
Dialogue: 0,0:00:45.64,0:00:47.76,Default,,0000,0000,0000,,called Windows Security. You'll find
Dialogue: 0,0:00:47.76,0:00:50.88,Default,,0000,0000,0000,,this in the Google Drive notes. Alright,
Dialogue: 0,0:00:50.88,0:00:53.10,Default,,0000,0000,0000,,let's get back to the room.
Dialogue: 0,0:00:53.10,0:00:57.52,Default,,0000,0000,0000,,So we have a machine to spawn. We're going to
Dialogue: 0,0:00:57.52,0:01:00.47,Default,,0000,0000,0000,,click on "Start the machine,"
Dialogue: 0,0:01:01.36,0:01:04.32,Default,,0000,0000,0000,,so basically, Task 2 is about
Dialogue: 0,0:01:04.32,0:01:08.40,Default,,0000,0000,0000,,concepts on Active Directory. It's not
Dialogue: 0,0:01:08.40,0:01:11.64,Default,,0000,0000,0000,,a comprehensive list or comprehensive,
Dialogue: 0,0:01:11.64,0:01:14.36,Default,,0000,0000,0000,,you know, it doesn't contain
Dialogue: 0,0:01:14.36,0:01:16.56,Default,,0000,0000,0000,,everything about Active Directory, but
Dialogue: 0,0:01:16.56,0:01:17.72,Default,,0000,0000,0000,,if you're going through Active
Dialogue: 0,0:01:17.72,0:01:19.20,Default,,0000,0000,0000,,Directory hardening, you must know what a
Dialogue: 0,0:01:19.20,0:01:22.04,Default,,0000,0000,0000,,domain is, what a domain controller is, and the
Dialogue: 0,0:01:22.04,0:01:23.68,Default,,0000,0000,0000,,definitions of trees and forests. We are
Dialogue: 0,0:01:23.68,0:01:25.84,Default,,0000,0000,0000,,going to talk about this, but
Dialogue: 0,0:01:25.84,0:01:27.40,Default,,0000,0000,0000,,there are two questions here. One
Dialogue: 0,0:01:27.40,0:01:29.64,Default,,0000,0000,0000,,question is, "What is the root domain in
Dialogue: 0,0:01:29.64,0:01:33.68,Default,,0000,0000,0000,,the attached AD machine?" So, basically, here
Dialogue: 0,0:01:33.68,0:01:34.54,Default,,0000,0000,0000,,let's see...
Dialogue: 0,0:01:35.85,0:01:39.67,Default,,0000,0000,0000,,the machine is still starting.
Dialogue: 0,0:01:39.67,0:01:43.21,Default,,0000,0000,0000,,Here we have TryHackMe.loc
Dialogue: 0,0:01:43.21,0:01:46.14,Default,,0000,0000,0000,,is the root domain, and ZA.TryHackMe
Dialogue: 0,0:01:46.14,0:01:50.01,Default,,0000,0000,0000,,is not a subdomain; it's called a child domain.
Dialogue: 0,0:01:50.01,0:01:50.88,Default,,0000,0000,0000,,So, both
Dialogue: 0,0:01:50.88,0:01:56.49,Default,,0000,0000,0000,,these domains exist under the same tree.
Dialogue: 0,0:01:56.49,0:01:58.88,Default,,0000,0000,0000,,We call it a tree because
Dialogue: 0,0:01:58.88,0:02:01.44,Default,,0000,0000,0000,,it contains more than one domain.
Dialogue: 0,0:02:01.76,0:02:03.92,Default,,0000,0000,0000,,Now, the subject of this video will be
Dialogue: 0,0:02:03.92,0:02:07.02,Default,,0000,0000,0000,,securing authentication methods
Dialogue: 0,0:02:07.02,0:02:10.04,Default,,0000,0000,0000,,and the other tasks. So, let's
Dialogue: 0,0:02:10.04,0:02:11.72,Default,,0000,0000,0000,,first make sure that the machine is up
Dialogue: 0,0:02:11.72,0:02:14.30,Default,,0000,0000,0000,,and running, and then click on Split View.
Dialogue: 0,0:02:20.89,0:02:24.40,Default,,0000,0000,0000,,Okay, going to Task 3. In
Dialogue: 0,0:02:24.40,0:02:30.47,Default,,0000,0000,0000,,Task 3, we have the LAN Manager hash, SMB
Dialogue: 0,0:02:30.47,0:02:31.16,Default,,0000,0000,0000,,signing,
Dialogue: 0,0:02:31.16,0:02:33.56,Default,,0000,0000,0000,,LDAP signing,
Dialogue: 0,0:02:33.56,0:02:36.60,Default,,0000,0000,0000,,password policies, and rotation,
Dialogue: 0,0:02:36.60,0:02:38.64,Default,,0000,0000,0000,,along with some suggestions on
Dialogue: 0,0:02:38.64,0:02:41.92,Default,,0000,0000,0000,,password policies. These are settings
Dialogue: 0,0:02:41.92,0:02:44.08,Default,,0000,0000,0000,,that you can configure on your Active
Dialogue: 0,0:02:44.08,0:02:46.00,Default,,0000,0000,0000,,Directory to make sure that the
Dialogue: 0,0:02:46.00,0:02:49.00,Default,,0000,0000,0000,,authentication process is secure, meaning
Dialogue: 0,0:02:49.00,0:02:50.87,Default,,0000,0000,0000,,MITM attacks
Dialogue: 0,0:02:50.87,0:02:54.00,Default,,0000,0000,0000,,have little to no chance of succeeding.
Dialogue: 0,0:02:54.00,0:02:55.84,Default,,0000,0000,0000,,At the same time, you configure a strong
Dialogue: 0,0:02:55.84,0:02:59.57,Default,,0000,0000,0000,,password policy for your users.
Dialogue: 0,0:03:00.40,0:03:02.44,Default,,0000,0000,0000,,Simultaneously, in Task 4, they
Dialogue: 0,0:03:02.44,0:03:05.99,Default,,0000,0000,0000,,talk about general security
Dialogue: 0,0:03:05.99,0:03:09.20,Default,,0000,0000,0000,,concepts. For example,
Dialogue: 0,0:03:09.20,0:03:11.70,Default,,0000,0000,0000,,role-based access control,
Dialogue: 0,0:03:12.60,0:03:14.48,Default,,0000,0000,0000,,methods of access control, the principle
Dialogue: 0,0:03:14.48,0:03:16.76,Default,,0000,0000,0000,,of least privilege--these are all
Dialogue: 0,0:03:16.76,0:03:19.56,Default,,0000,0000,0000,,general security controls that you can
Dialogue: 0,0:03:19.56,0:03:21.60,Default,,0000,0000,0000,,apply to Active Directory or
Dialogue: 0,0:03:21.60,0:03:24.00,Default,,0000,0000,0000,,Windows Server Active Directory.
Dialogue: 0,0:03:24.00,0:03:25.47,Default,,0000,0000,0000,,There are two questions here:
Dialogue: 0,0:03:25.47,0:03:27.96,Default,,0000,0000,0000,,"Computers and printers must
Dialogue: 0,0:03:27.96,0:03:30.16,Default,,0000,0000,0000,,be added to Tier 0?" This is about the
Dialogue: 0,0:03:30.16,0:03:33.12,Default,,0000,0000,0000,,tiered access model. The tiered
Dialogue: 0,0:03:33.12,0:03:35.00,Default,,0000,0000,0000,,access model is not discussed in
Dialogue: 0,0:03:35.00,0:03:38.44,Default,,0000,0000,0000,,CompTIA Security+. So here,
Dialogue: 0,0:03:38.44,0:03:41.20,Default,,0000,0000,0000,,I'm preparing a note file for you guys to help you
Dialogue: 0,0:03:41.20,0:03:44.52,Default,,0000,0000,0000,,prepare for CompTIA Security+.
Dialogue: 0,0:03:44.52,0:03:48.97,Default,,0000,0000,0000,,In CompTIA Security+,
Dialogue: 0,0:03:48.97,0:03:50.80,Default,,0000,0000,0000,,there are certain
Dialogue: 0,0:03:50.80,0:03:53.60,Default,,0000,0000,0000,,models for access control. Oh my
Dialogue: 0,0:03:53.60,0:03:56.96,Default,,0000,0000,0000,,god, there are many things about access control: access
Dialogue: 0,0:03:56.96,0:04:01.40,Default,,0000,0000,0000,,control methods, models. It's
Dialogue: 0,0:04:01.40,0:04:05.40,Default,,0000,0000,0000,,just too hard to find them... MAC,
Dialogue: 0,0:04:12.44,0:04:16.65,Default,,0000,0000,0000,,okay... As you can see, in CompTIA Security+,
Dialogue: 0,0:04:16.65,0:04:18.24,Default,,0000,0000,0000,,we discuss discretionary
Dialogue: 0,0:04:18.24,0:04:20.32,Default,,0000,0000,0000,,access control, role-based,
Dialogue: 0,0:04:20.32,0:04:22.64,Default,,0000,0000,0000,,mandatory, and rule-based
Dialogue: 0,0:04:22.64,0:04:24.64,Default,,0000,0000,0000,,access control as well. If you scroll
Dialogue: 0,0:04:24.64,0:04:27.48,Default,,0000,0000,0000,,down, you'll find it--
Dialogue: 0,0:04:27.48,0:04:30.76,Default,,0000,0000,0000,,maybe rule-based access control. All of
Dialogue: 0,0:04:30.76,0:04:32.44,Default,,0000,0000,0000,,these access controls
Dialogue: 0,0:04:32.44,0:04:36.72,Default,,0000,0000,0000,,are used depending on the
Dialogue: 0,0:04:36.72,0:04:39.36,Default,,0000,0000,0000,,scenario or the organization. A
Dialogue: 0,0:04:39.36,0:04:42.76,Default,,0000,0000,0000,,tiered access model groups your
Dialogue: 0,0:04:42.76,0:04:44.84,Default,,0000,0000,0000,,resources based on tiers. For example,
Dialogue: 0,0:04:44.84,0:04:47.96,Default,,0000,0000,0000,,Tier 0 includes top-level
Dialogue: 0,0:04:47.96,0:04:50.76,Default,,0000,0000,0000,,resources such as admin
Dialogue: 0,0:04:50.76,0:04:53.00,Default,,0000,0000,0000,,accounts, domain controllers, and
Dialogue: 0,0:04:53.00,0:04:57.32,Default,,0000,0000,0000,,groups. Tier 1 contains applications and
Dialogue: 0,0:04:57.32,0:05:01.56,Default,,0000,0000,0000,,servers, and Tier 2 consists of end-user devices. The
Dialogue: 0,0:05:01.56,0:05:04.32,Default,,0000,0000,0000,,higher the tier, the less sensitive it
Dialogue: 0,0:05:04.32,0:05:07.64,Default,,0000,0000,0000,,becomes. So, as you can see, Tier 0, it's
Dialogue: 0,0:05:07.64,0:05:10.32,Default,,0000,0000,0000,,the highest, contains the most
Dialogue: 0,0:05:10.32,0:05:12.24,Default,,0000,0000,0000,,sensitive resources such as admin
Dialogue: 0,0:05:12.24,0:05:14.16,Default,,0000,0000,0000,,accounts, domain controllers, and groups. So
Dialogue: 0,0:05:14.16,0:05:16.16,Default,,0000,0000,0000,,here, the question is: "Computers and
Dialogue: 0,0:05:16.16,0:05:19.88,Default,,0000,0000,0000,,printers must be added to Tier 0?" Nope,
Dialogue: 0,0:05:19.88,0:05:22.32,Default,,0000,0000,0000,,because computers and printers are endpoints,
Dialogue: 0,0:05:22.32,0:05:24.24,Default,,0000,0000,0000,,so we can add them to Tier 2.
Dialogue: 0,0:05:24.24,0:05:25.92,Default,,0000,0000,0000,,Suppose a vendor arrives at your
Dialogue: 0,0:05:25.92,0:05:29.68,Default,,0000,0000,0000,,facility for a two-week visit task.
Dialogue: 0,0:05:29.68,0:05:31.64,Default,,0000,0000,0000,,Being a system administrator, should you
Dialogue: 0,0:05:31.64,0:05:34.80,Default,,0000,0000,0000,,create a high-privileged account for him?
Dialogue: 0,0:05:34.80,0:05:38.71,Default,,0000,0000,0000,,Nope, because this goes to role-based
Dialogue: 0,0:05:38.71,0:05:40.96,Default,,0000,0000,0000,,access control. In role-based access
Dialogue: 0,0:05:40.96,0:05:43.80,Default,,0000,0000,0000,,control, we assign people
Dialogue: 0,0:05:43.80,0:05:47.32,Default,,0000,0000,0000,,resources and permissions based on their
Dialogue: 0,0:05:47.32,0:05:50.60,Default,,0000,0000,0000,,job. Additionally, we apply the
Dialogue: 0,0:05:50.60,0:05:53.67,Default,,0000,0000,0000,,principle of least privilege.
Dialogue: 0,0:05:53.67,0:05:55.32,Default,,0000,0000,0000,,Least privilege, meaning... Least privilege
Dialogue: 0,0:05:55.32,0:05:58.52,Default,,0000,0000,0000,,means that if they don't need access to
Dialogue: 0,0:05:58.52,0:06:00.84,Default,,0000,0000,0000,,a certain resource, we don't grant them
Dialogue: 0,0:06:00.84,0:06:03.16,Default,,0000,0000,0000,,permission to access that
Dialogue: 0,0:06:03.16,0:06:05.36,Default,,0000,0000,0000,,resource depending on your job
Dialogue: 0,0:06:05.36,0:06:07.88,Default,,0000,0000,0000,,description and on your needs as well.
Dialogue: 0,0:06:07.88,0:06:11.02,Default,,0000,0000,0000,,Okay, so finally, the machine has started.
Dialogue: 0,0:06:12.04,0:06:13.72,Default,,0000,0000,0000,,Alright, we're going to
Dialogue: 0,0:06:13.72,0:06:16.56,Default,,0000,0000,0000,,demonstrate Task 3 now. Alright. So,
Dialogue: 0,0:06:16.56,0:06:18.08,Default,,0000,0000,0000,,we're going to allow this, and we're
Dialogue: 0,0:06:18.08,0:06:22.56,Default,,0000,0000,0000,,going to start with GPEDIT,
Dialogue: 0,0:06:22.56,0:06:25.20,Default,,0000,0000,0000,,the Group Policy Editor. Most of the
Dialogue: 0,0:06:25.20,0:06:27.04,Default,,0000,0000,0000,,policies you configure in Active
Dialogue: 0,0:06:27.04,0:06:30.24,Default,,0000,0000,0000,,Directory, whether to harden, secure, or
Dialogue: 0,0:06:30.24,0:06:33.72,Default,,0000,0000,0000,,even to set certain settings, are done
Dialogue: 0,0:06:33.72,0:06:36.16,Default,,0000,0000,0000,,via the Group Policy Editor.
Dialogue: 0,0:06:36.16,0:06:39.32,Default,,0000,0000,0000,,So it's good practice to
Dialogue: 0,0:06:39.32,0:06:43.00,Default,,0000,0000,0000,,go over the policies here and understand
Dialogue: 0,0:06:43.00,0:06:44.44,Default,,0000,0000,0000,,what every single one of them... the
Dialogue: 0,0:06:44.44,0:06:46.60,Default,,0000,0000,0000,,purpose of every single one of them. So
Dialogue: 0,0:06:46.60,0:06:47.80,Default,,0000,0000,0000,,the first thing we're going to do is the
Dialogue: 0,0:06:47.80,0:06:50.12,Default,,0000,0000,0000,,LAN Manager Hash.
Dialogue: 0,0:06:50.12,0:06:52.12,Default,,0000,0000,0000,,So here, we're going to make sure
Dialogue: 0,0:06:52.12,0:06:55.96,Default,,0000,0000,0000,,that Windows stores the hashes for the
Dialogue: 0,0:06:55.96,0:06:59.44,Default,,0000,0000,0000,,user's password in NTLM, not
Dialogue: 0,0:06:59.44,0:07:02.12,Default,,0000,0000,0000,,LM, because LM is relatively
Dialogue: 0,0:07:02.12,0:07:04.96,Default,,0000,0000,0000,,weaker than NTLM, right? And is
Dialogue: 0,0:07:04.96,0:07:06.76,Default,,0000,0000,0000,,vulnerable to brute-force attacks. So we
Dialogue: 0,0:07:06.76,0:07:08.40,Default,,0000,0000,0000,,make sure that the passwords or
Dialogue: 0,0:07:08.40,0:07:10.82,Default,,0000,0000,0000,,hashes are stored
Dialogue: 0,0:07:10.82,0:07:13.24,Default,,0000,0000,0000,,in NTLM. What
Dialogue: 0,0:07:13.24,0:07:14.40,Default,,0000,0000,0000,,we're going to do here is go
Dialogue: 0,0:07:14.40,0:07:16.32,Default,,0000,0000,0000,,to Computer Configuration, as you can see
Dialogue: 0,0:07:16.32,0:07:17.84,Default,,0000,0000,0000,,here, and then go to
Dialogue: 0,0:07:17.84,0:07:20.84,Default,,0000,0000,0000,,Policies, Windows Settings. In Windows
Dialogue: 0,0:07:20.84,0:07:23.32,Default,,0000,0000,0000,,Settings, we expand this
Dialogue: 0,0:07:23.32,0:07:27.02,Default,,0000,0000,0000,,(the machine is too slow, frustrating...)
Dialogue: 0,0:07:27.02,0:07:29.04,Default,,0000,0000,0000,,Okay. Security Settings--we can
Dialogue: 0,0:07:29.04,0:07:32.08,Default,,0000,0000,0000,,highlight this and expand to Local
Dialogue: 0,0:07:32.08,0:07:34.12,Default,,0000,0000,0000,,Policies. If we expand Local
Dialogue: 0,0:07:34.12,0:07:36.92,Default,,0000,0000,0000,,Policies, we go to Security Options, and
Dialogue: 0,0:07:36.92,0:07:41.84,Default,,0000,0000,0000,,from Security Options, we have the
Dialogue: 0,0:07:41.84,0:07:43.56,Default,,0000,0000,0000,,security policies. So as you can see,
Dialogue: 0,0:07:43.56,0:07:47.76,Default,,0000,0000,0000,,there's one here about the
Dialogue: 0,0:07:47.76,0:07:50.95,Default,,0000,0000,0000,,LAN Manager. Let's see where it is.
Dialogue: 0,0:07:54.44,0:07:58.52,Default,,0000,0000,0000,,It starts with "Don't store..." Let's
Dialogue: 0,0:07:58.52,0:08:00.00,Default,,0000,0000,0000,,see where it is...
Dialogue: 0,0:08:01.55,0:08:04.54,Default,,0000,0000,0000,,Yeah, this is done.
Dialogue: 0,0:08:04.54,0:08:07.08,Default,,0000,0000,0000,,Properties--Network Security--don't store
Dialogue: 0,0:08:07.08,0:08:09.48,Default,,0000,0000,0000,,LAN Manager hash value on next password
Dialogue: 0,0:08:09.48,0:08:11.92,Default,,0000,0000,0000,,change. By default, this is enabled,
Dialogue: 0,0:08:11.92,0:08:13.60,Default,,0000,0000,0000,,which is good. Make sure on your end
Dialogue: 0,0:08:13.60,0:08:16.56,Default,,0000,0000,0000,,this is enabled because you don't want
Dialogue: 0,0:08:16.56,0:08:20.40,Default,,0000,0000,0000,,the password to be stored as an LM hash
Dialogue: 0,0:08:20.40,0:08:23.08,Default,,0000,0000,0000,,because it's going to be susceptible to
Dialogue: 0,0:08:23.08,0:08:24.52,Default,,0000,0000,0000,,brute-force attacks. It's going to be
Dialogue: 0,0:08:24.52,0:08:26.72,Default,,0000,0000,0000,,easily cracked. Alright, that's the
Dialogue: 0,0:08:26.72,0:08:30.04,Default,,0000,0000,0000,,first thing to securing... or that's the
Dialogue: 0,0:08:30.04,0:08:31.96,Default,,0000,0000,0000,,first thing you can do to secure Active
Dialogue: 0,0:08:31.96,0:08:35.24,Default,,0000,0000,0000,,Directory. The other thing is SMB signing.
Dialogue: 0,0:08:35.24,0:08:38.12,Default,,0000,0000,0000,,SMB (Server Message Block) is
Dialogue: 0,0:08:38.12,0:08:40.48,Default,,0000,0000,0000,,the protocol responsible for file and
Dialogue: 0,0:08:40.48,0:08:41.88,Default,,0000,0000,0000,,printer sharing. So, if you have file
Dialogue: 0,0:08:41.88,0:08:44.28,Default,,0000,0000,0000,,sharing or printer sharing enabled, this
Dialogue: 0,0:08:44.28,0:08:46.40,Default,,0000,0000,0000,,protocol is most probably enabled. The
Dialogue: 0,0:08:46.40,0:08:49.16,Default,,0000,0000,0000,,problem is that the communications happen
Dialogue: 0,0:08:49.16,0:08:51.68,Default,,0000,0000,0000,,in clear text, so it's vulnerable to MITM
Dialogue: 0,0:08:51.68,0:08:56.00,Default,,0000,0000,0000,,attacks. So in order to prevent this, we're
Dialogue: 0,0:08:56.00,0:08:57.92,Default,,0000,0000,0000,,going to need to configure some security
Dialogue: 0,0:08:57.92,0:08:59.44,Default,,0000,0000,0000,,policies. Again, we go back to
Dialogue: 0,0:08:59.44,0:09:02.32,Default,,0000,0000,0000,,Windows Settings, then to Security
Dialogue: 0,0:09:02.32,0:09:07.88,Default,,0000,0000,0000,,Settings, back to Local Policies, Security Options,
Dialogue: 0,0:09:08.56,0:09:12.52,Default,,0000,0000,0000,,and we'll look for the
Dialogue: 0,0:09:12.52,0:09:14.32,Default,,0000,0000,0000,,digitally signed
Dialogue: 0,0:09:14.32,0:09:16.76,Default,,0000,0000,0000,,communication. Let's see where it is--
Dialogue: 0,0:09:16.76,0:09:19.24,Default,,0000,0000,0000,,Digitally Sign Secure Channel.
Dialogue: 0,0:09:20.72,0:09:24.32,Default,,0000,0000,0000,,Microsoft Network,
Dialogue: 0,0:09:24.36,0:09:27.24,Default,,0000,0000,0000,,this is the one. Digitally Sign
Dialogue: 0,0:09:27.24,0:09:30.24,Default,,0000,0000,0000,,Communication, properties. It is disabled,
Dialogue: 0,0:09:30.24,0:09:32.32,Default,,0000,0000,0000,,so we'll make sure this is
Dialogue: 0,0:09:32.32,0:09:35.68,Default,,0000,0000,0000,,enabled. If we go to the "Explain" section, you
Dialogue: 0,0:09:35.68,0:09:37.96,Default,,0000,0000,0000,,can see more information about this.
Dialogue: 0,0:09:37.96,0:09:40.60,Default,,0000,0000,0000,,Digitally signed communications. The
Dialogue: 0,0:09:40.60,0:09:42.44,Default,,0000,0000,0000,,security setting determines whether
Dialogue: 0,0:09:42.44,0:09:46.17,Default,,0000,0000,0000,,packet signing is required by the SMB client component.
Dialogue: 0,0:09:46.17,0:09:48.92,Default,,0000,0000,0000,,So, you want the
Dialogue: 0,0:09:48.92,0:09:50.88,Default,,0000,0000,0000,,communications through SMB to be signed
Dialogue: 0,0:09:50.88,0:09:53.16,Default,,0000,0000,0000,,and not available to MITM attacks. So you need
Dialogue: 0,0:09:53.16,0:09:56.45,Default,,0000,0000,0000,,to... Or, therefore, you need to enable this.
Dialogue: 0,0:09:57.60,0:09:59.64,Default,,0000,0000,0000,,Alright.
Dialogue: 0,0:09:59.64,0:10:02.84,Default,,0000,0000,0000,,Another thing for securing protocols
Dialogue: 0,0:10:02.84,0:10:05.76,Default,,0000,0000,0000,,in Active Directory is the LDAP protocol.
Dialogue: 0,0:10:05.76,0:10:08.16,Default,,0000,0000,0000,,LDAP is the main protocol that Active Directory is
Dialogue: 0,0:10:08.16,0:10:10.64,Default,,0000,0000,0000,,based on; it's the Lightweight
Dialogue: 0,0:10:10.64,0:10:14.40,Default,,0000,0000,0000,,Directory Access Protocol. We also
Dialogue: 0,0:10:14.40,0:10:17.00,Default,,0000,0000,0000,,want to secure the communications
Dialogue: 0,0:10:17.00,0:10:19.84,Default,,0000,0000,0000,,based on that protocol to prevent MITM attacks.
Dialogue: 0,0:10:19.84,0:10:20.84,Default,,0000,0000,0000,,So, what we're going to do again.
Dialogue: 0,0:10:20.84,0:10:23.44,Default,,0000,0000,0000,,Also, to enable the signing of these
Dialogue: 0,0:10:23.44,0:10:26.84,Default,,0000,0000,0000,,communications. On the same pane
Dialogue: 0,0:10:26.84,0:10:28.68,Default,,0000,0000,0000,,here, we'll find the Domain
Dialogue: 0,0:10:28.68,0:10:31.64,Default,,0000,0000,0000,,Controller section, and then we'll
Dialogue: 0,0:10:31.64,0:10:34.84,Default,,0000,0000,0000,,look for LDAP Server Channel Binding
Dialogue: 0,0:10:34.84,0:10:38.31,Default,,0000,0000,0000,,Tokens and LDAP Server Signing Requirements.
Dialogue: 0,0:10:42.20,0:10:44.52,Default,,0000,0000,0000,,Modifying the setting
Dialogue: 0,0:10:44.52,0:10:46.04,Default,,0000,0000,0000,,may affect compatibility with
Dialogue: 0,0:10:46.04,0:10:48.84,Default,,0000,0000,0000,,clients. Here, it doesn't allow me to
Dialogue: 0,0:10:48.84,0:10:50.64,Default,,0000,0000,0000,,enable it for some reason related to
Dialogue: 0,0:10:50.64,0:10:54.82,Default,,0000,0000,0000,,this explanation, but usually, this needs to be enabled.
Dialogue: 0,0:10:56.40,0:10:59.80,Default,,0000,0000,0000,,The most important part
Dialogue: 0,0:10:59.80,0:11:02.40,Default,,0000,0000,0000,,of this video is the password
Dialogue: 0,0:11:02.40,0:11:04.72,Default,,0000,0000,0000,,policies. Password policies can be
Dialogue: 0,0:11:04.72,0:11:08.52,Default,,0000,0000,0000,,configured from... oh, we're going to go
Dialogue: 0,0:11:08.52,0:11:10.64,Default,,0000,0000,0000,,back to Security Settings and we're
Dialogue: 0,0:11:10.64,0:11:12.76,Default,,0000,0000,0000,,going to check on Account Policies.
Dialogue: 0,0:11:12.76,0:11:14.48,Default,,0000,0000,0000,,So, Account Policy--there's a
Dialogue: 0,0:11:14.48,0:11:16.40,Default,,0000,0000,0000,,Password Policy here, and from here, we
Dialogue: 0,0:11:16.40,0:11:19.64,Default,,0000,0000,0000,,can configure the minimum and maximum
Dialogue: 0,0:11:19.64,0:11:22.16,Default,,0000,0000,0000,,length of the password, the complexity,
Dialogue: 0,0:11:22.16,0:11:24.24,Default,,0000,0000,0000,,the age, and so on. For example,
Dialogue: 0,0:11:24.24,0:11:26.60,Default,,0000,0000,0000,,as you can see here, the maximum age
Dialogue: 0,0:11:26.60,0:11:29.68,Default,,0000,0000,0000,,of the password is 42 days, which means after
Dialogue: 0,0:11:29.68,0:11:32.56,Default,,0000,0000,0000,,42 days, your users will be prompted to
Dialogue: 0,0:11:32.56,0:11:34.53,Default,,0000,0000,0000,,change their password.
Dialogue: 0,0:11:35.16,0:11:37.28,Default,,0000,0000,0000,,That's the maximum age, and
Dialogue: 0,0:11:37.28,0:11:39.04,Default,,0000,0000,0000,,the minimum age is
Dialogue: 0,0:11:39.04,0:11:41.12,Default,,0000,0000,0000,,one, meaning you cannot change your
Dialogue: 0,0:11:41.12,0:11:44.12,Default,,0000,0000,0000,,password during the first day of the
Dialogue: 0,0:11:44.12,0:11:46.40,Default,,0000,0000,0000,,assignment. Here we have a minimum password
Dialogue: 0,0:11:46.40,0:11:48.22,Default,,0000,0000,0000,,length of seven characters.
Dialogue: 0,0:11:49.56,0:11:53.08,Default,,0000,0000,0000,,These are some
Dialogue: 0,0:11:53.08,0:11:54.96,Default,,0000,0000,0000,,settings you can see. There
Dialogue: 0,0:11:54.96,0:11:57.28,Default,,0000,0000,0000,,are some questions to answer, so let's
Dialogue: 0,0:11:57.28,0:12:00.08,Default,,0000,0000,0000,,scroll down. Yeah, change the... "What's
Dialogue: 0,0:12:00.08,0:12:02.24,Default,,0000,0000,0000,,the default minimum password length?" It
Dialogue: 0,0:12:02.24,0:12:04.64,Default,,0000,0000,0000,,was seven, as you can see here.
Dialogue: 0,0:12:04.64,0:12:08.80,Default,,0000,0000,0000,,Going back and showing it one more time
Dialogue: 0,0:12:08.80,0:12:11.92,Default,,0000,0000,0000,,to you guys: seven characters. Alright,
Dialogue: 0,0:12:11.92,0:12:14.16,Default,,0000,0000,0000,,these are some
Dialogue: 0,0:12:14.16,0:12:16.24,Default,,0000,0000,0000,,policies that you can enable to harden
Dialogue: 0,0:12:16.24,0:12:19.80,Default,,0000,0000,0000,,your Active Directory or to secure
Dialogue: 0,0:12:19.80,0:12:22.24,Default,,0000,0000,0000,,the authentication. Additionally,
Dialogue: 0,0:12:22.24,0:12:25.72,Default,,0000,0000,0000,,in Task 5, there's this nice new tool
Dialogue: 0,0:12:25.72,0:12:27.56,Default,,0000,0000,0000,,that I hadn't heard of before: the
Dialogue: 0,0:12:27.56,0:12:31.24,Default,,0000,0000,0000,,Microsoft Security Compliance Toolkit.
Dialogue: 0,0:12:31.24,0:12:33.36,Default,,0000,0000,0000,,So, this tool...
Dialogue: 0,0:12:33.79,0:12:38.00,Default,,0000,0000,0000,,Let's go to the relative folder. Scripts,
Dialogue: 0,0:12:38.28,0:12:42.36,Default,,0000,0000,0000,,open that... Okay,
Dialogue: 0,0:12:43.24,0:12:46.00,Default,,0000,0000,0000,,opening the link of the tool. If
Dialogue: 0,0:12:46.00,0:12:48.40,Default,,0000,0000,0000,,you download this tool, it will give you
Dialogue: 0,0:12:48.40,0:12:50.72,Default,,0000,0000,0000,,recommendations and ready
Dialogue: 0,0:12:50.72,0:12:53.24,Default,,0000,0000,0000,,templates that you can download and
Dialogue: 0,0:12:53.24,0:12:54.72,Default,,0000,0000,0000,,configure Active Directory. If you don't
Dialogue: 0,0:12:54.72,0:12:56.80,Default,,0000,0000,0000,,know what to do and what
Dialogue: 0,0:12:56.80,0:12:59.28,Default,,0000,0000,0000,,policies to configure, you can
Dialogue: 0,0:12:59.28,0:13:02.76,Default,,0000,0000,0000,,download this tool and retrieve ready
Dialogue: 0,0:13:02.76,0:13:05.48,Default,,0000,0000,0000,,templates to configure. For example, on
Dialogue: 0,0:13:05.48,0:13:08.48,Default,,0000,0000,0000,,Group Policy, there are already-made
Dialogue: 0,0:13:08.48,0:13:12.24,Default,,0000,0000,0000,,configurations. For example, here's the
Dialogue: 0,0:13:12.24,0:13:15.72,Default,,0000,0000,0000,,Windows Server 2019 Security Baseline
Dialogue: 0,0:13:15.72,0:13:18.56,Default,,0000,0000,0000,,downloaded from the tool itself.
Dialogue: 0,0:13:18.56,0:13:22.28,Default,,0000,0000,0000,,To illustrate further, in the figures
Dialogue: 0,0:13:22.28,0:13:23.56,Default,,0000,0000,0000,,here, as you can see, when you run this
Dialogue: 0,0:13:23.56,0:13:26.32,Default,,0000,0000,0000,,tool, it gives you the templates.
Dialogue: 0,0:13:26.32,0:13:29.40,Default,,0000,0000,0000,,Now here, Windows Server 2022
Dialogue: 0,0:13:29.40,0:13:32.92,Default,,0000,0000,0000,,Security Baseline zip--this is a zip file, and
Dialogue: 0,0:13:32.92,0:13:35.40,Default,,0000,0000,0000,,it was downloaded to this machine.
Dialogue: 0,0:13:35.40,0:13:38.21,Default,,0000,0000,0000,,Once downloaded, you can see the relative folder.
Dialogue: 0,0:13:38.21,0:13:39.88,Default,,0000,0000,0000,,If you open it and go to Local
Dialogue: 0,0:13:39.88,0:13:42.36,Default,,0000,0000,0000,,Scripts, you can see the PowerShell script
Dialogue: 0,0:13:42.36,0:13:46.96,Default,,0000,0000,0000,,that, if you run it, will configure
Dialogue: 0,0:13:46.96,0:13:50.12,Default,,0000,0000,0000,,the settings based on this baseline.
Dialogue: 0,0:13:50.12,0:13:52.52,Default,,0000,0000,0000,,So, the baseline is actually a
Dialogue: 0,0:13:52.52,0:13:54.80,Default,,0000,0000,0000,,collection and combination of
Dialogue: 0,0:13:54.80,0:13:56.84,Default,,0000,0000,0000,,configurations that ensure your
Dialogue: 0,0:13:56.84,0:14:00.92,Default,,0000,0000,0000,,Windows Server is secure based on a specific
Dialogue: 0,0:14:00.92,0:14:03.88,Default,,0000,0000,0000,,baseline, right? And you can use this as a
Dialogue: 0,0:14:03.88,0:14:05.96,Default,,0000,0000,0000,,start if you don't know what to do.
Dialogue: 0,0:14:05.96,0:14:09.96,Default,,0000,0000,0000,,Additionally, there's the Policy
Dialogue: 0,0:14:09.96,0:14:14.12,Default,,0000,0000,0000,,Analyzer. Again, guys, these can be
Dialogue: 0,0:14:14.12,0:14:16.16,Default,,0000,0000,0000,,downloaded by running the tool on your
Dialogue: 0,0:14:16.16,0:14:18.04,Default,,0000,0000,0000,,machine and then selecting the
Dialogue: 0,0:14:18.04,0:14:20.04,Default,,0000,0000,0000,,configuration you want. It will be
Dialogue: 0,0:14:20.04,0:14:21.44,Default,,0000,0000,0000,,downloaded in a zip file, and you can
Dialogue: 0,0:14:21.44,0:14:23.80,Default,,0000,0000,0000,,extract and see it this way. The Policy
Dialogue: 0,0:14:23.80,0:14:25.72,Default,,0000,0000,0000,,Analyzer analyzes the Group Policy
Dialogue: 0,0:14:25.72,0:14:30.68,Default,,0000,0000,0000,,settings in your environment, okay,
Dialogue: 0,0:14:31.28,0:14:35.32,Default,,0000,0000,0000,,and as you can see here, you have the demonstrations.
Dialogue: 0,0:14:37.04,0:14:39.08,Default,,0000,0000,0000,,So, if you go back here to
Dialogue: 0,0:14:39.08,0:14:41.64,Default,,0000,0000,0000,,Policy Analyzer, you can see these are
Dialogue: 0,0:14:41.64,0:14:44.72,Default,,0000,0000,0000,,the scripts that, if you run them, will
Dialogue: 0,0:14:44.72,0:14:47.60,Default,,0000,0000,0000,,configure your Group Policy based on the
Dialogue: 0,0:14:47.60,0:14:49.80,Default,,0000,0000,0000,,settings. Let's go over one of them. So, if
Dialogue: 0,0:14:49.80,0:14:52.72,Default,,0000,0000,0000,,you go back to the Windows Server Security
Dialogue: 0,0:14:52.72,0:14:56.68,Default,,0000,0000,0000,,Baseline and check the GPOs,
Dialogue: 0,0:14:57.68,0:15:01.32,Default,,0000,0000,0000,,as you can see, these GPOs can be
Dialogue: 0,0:15:01.32,0:15:03.84,Default,,0000,0000,0000,,directly imported to your Group Policy
Dialogue: 0,0:15:03.84,0:15:06.96,Default,,0000,0000,0000,,Editor based on the machine and the user.
Dialogue: 0,0:15:09.60,0:15:13.92,Default,,0000,0000,0000,,If you open this in XML format,
Dialogue: 0,0:15:20.28,0:15:23.05,Default,,0000,0000,0000,,hopefully, it's going to open...
Dialogue: 0,0:15:29.92,0:15:35.29,Default,,0000,0000,0000,,yeah, see, guys, these are the configurations.
Dialogue: 0,0:15:37.08,0:15:39.36,Default,,0000,0000,0000,,Now, the best thing to do
Dialogue: 0,0:15:39.36,0:15:42.04,Default,,0000,0000,0000,,is to import them into your security or
Dialogue: 0,0:15:42.04,0:15:46.88,Default,,0000,0000,0000,,Group Policy Editor (LGPO).
Dialogue: 0,0:15:46.88,0:15:50.14,Default,,0000,0000,0000,,As you can see, this is an executable file.
Dialogue: 0,0:15:50.14,0:15:52.48,Default,,0000,0000,0000,,Alright, so on the task here,
Dialogue: 0,0:15:52.48,0:15:55.12,Default,,0000,0000,0000,,there's "Find and open Baseline Local
Dialogue: 0,0:15:55.12,0:15:58.20,Default,,0000,0000,0000,,Install script" and "Find the flag." Let's
Dialogue: 0,0:15:58.20,0:15:59.72,Default,,0000,0000,0000,,go here and see where that script is--
Dialogue: 0,0:15:59.72,0:16:02.08,Default,,0000,0000,0000,,Local Script--and there's Baseline Local
Dialogue: 0,0:16:02.08,0:16:05.44,Default,,0000,0000,0000,,Install. Let's open this and see what it does.
Dialogue: 0,0:16:17.96,0:16:21.20,Default,,0000,0000,0000,,Okay, so the description says:
Dialogue: 0,0:16:21.20,0:16:23.04,Default,,0000,0000,0000,,"Applies a Windows Security Configuration
Dialogue: 0,0:16:23.04,0:16:25.96,Default,,0000,0000,0000,,baseline to a local Group Policy.
Dialogue: 0,0:16:25.96,0:16:28.36,Default,,0000,0000,0000,,Execute the script with one of
Dialogue: 0,0:16:28.36,0:16:30.60,Default,,0000,0000,0000,,these required command line switches to
Dialogue: 0,0:16:30.60,0:16:33.28,Default,,0000,0000,0000,,install the corresponding baseline."
Dialogue: 0,0:16:33.28,0:16:37.12,Default,,0000,0000,0000,,So here you specify you execute
Dialogue: 0,0:16:37.12,0:16:39.88,Default,,0000,0000,0000,,this either on a domain controller or on
Dialogue: 0,0:16:39.88,0:16:42.60,Default,,0000,0000,0000,,a domain-joined machine. Requirements:
Dialogue: 0,0:16:42.60,0:16:44.76,Default,,0000,0000,0000,,PowerShell execution policy,
Dialogue: 0,0:16:44.76,0:16:47.88,Default,,0000,0000,0000,,domain-joined machine. And this is the flag.
Dialogue: 0,0:16:47.88,0:16:49.80,Default,,0000,0000,0000,,So, as you can see, guys, these Dialogue: 0,0:16:49.80,0:16:51.60,Default,,0000,0000,0000,,are a set of configurations that will be Dialogue: 0,0:16:51.60,0:16:54.04,Default,,0000,0000,0000,,applied on any domain or any computer Dialogue: 0,0:16:54.04,0:16:55.28,Default,,0000,0000,0000,,you apply it to, Dialogue: 0,0:16:55.28,0:16:58.14,Default,,0000,0000,0000,,and it will configure the Group Policy Dialogue: 0,0:16:58.14,0:17:01.68,Default,,0000,0000,0000,,based on the mentioned configurations here. Dialogue: 0,0:17:12.44,0:17:16.16,Default,,0000,0000,0000,,Okay, the other question is: “Find and open the Dialogue: 0,0:17:16.16,0:17:18.68,Default,,0000,0000,0000,,Merge Policy Rule script Dialogue: 0,0:17:18.68,0:17:21.40,Default,,0000,0000,0000,,imported from Policy Analyzer Dialogue: 0,0:17:21.40,0:17:23.08,Default,,0000,0000,0000,,in PowerShell Editor.” Dialogue: 0,0:17:26.88,0:17:31.28,Default,,0000,0000,0000,,So, back to Policy Analyzer, Dialogue: 0,0:17:31.28,0:17:33.88,Default,,0000,0000,0000,,you can check the scripts. Merge Dialogue: 0,0:17:33.88,0:17:35.96,Default,,0000,0000,0000,,Policy--let’s take a look at the Dialogue: 0,0:17:35.96,0:17:40.36,Default,,0000,0000,0000,,script here. What does it do? So, “Merge Policy Analyzer Dialogue: 0,0:17:40.40,0:17:44.08,Default,,0000,0000,0000,,policy files...” What? “Merge Policy Dialogue: 0,0:17:44.08,0:17:46.44,Default,,0000,0000,0000,,Analyzer policy rule files into one Dialogue: 0,0:17:46.44,0:17:49.12,Default,,0000,0000,0000,,policy rule set written into the pipeline.” Dialogue: 0,0:17:49.12,0:17:51.80,Default,,0000,0000,0000,,So, one of the things that Dialogue: 0,0:17:51.80,0:17:54.20,Default,,0000,0000,0000,,Policy Analyzer does is that Dialogue: 0,0:17:54.20,0:17:57.92,Default,,0000,0000,0000,,it gets rid of redundant policies Dialogue: 0,0:17:57.92,0:18:00.00,Default,,0000,0000,0000,,configured in GPO. 
Dialogue: 0,0:18:00.00,0:18:03.71,Default,,0000,0000,0000,,If you scroll down, as you can see, this is the flag. Dialogue: 0,0:18:06.08,0:18:08.80,Default,,0000,0000,0000,,Other questions we have to answer: Dialogue: 0,0:18:08.80,0:18:11.08,Default,,0000,0000,0000,,These are the common attacks against Dialogue: 0,0:18:11.08,0:18:12.52,Default,,0000,0000,0000,,Active Directory. We have discussed many Dialogue: 0,0:18:12.52,0:18:14.12,Default,,0000,0000,0000,,rooms on Active Directory penetration Dialogue: 0,0:18:14.12,0:18:15.80,Default,,0000,0000,0000,,testing; you can go back to them, guys, and Dialogue: 0,0:18:15.80,0:18:19.32,Default,,0000,0000,0000,,see how attacks are conducted against Dialogue: 0,0:18:19.32,0:18:21.76,Default,,0000,0000,0000,,these kinds of environments. So, does Dialogue: 0,0:18:21.76,0:18:23.48,Default,,0000,0000,0000,,Kerberoasting utilize an offline attack Dialogue: 0,0:18:23.48,0:18:25.52,Default,,0000,0000,0000,,for cracking encrypted passwords? We Dialogue: 0,0:18:25.52,0:18:26.88,Default,,0000,0000,0000,,explained previously, guys, about Dialogue: 0,0:18:26.88,0:18:30.44,Default,,0000,0000,0000,,Kerberoasting. I'm just going to go through this again, and Dialogue: 0,0:18:30.44,0:18:32.12,Default,,0000,0000,0000,,the answer is yes, it's offline because, Dialogue: 0,0:18:32.12,0:18:34.44,Default,,0000,0000,0000,,at the end, you take the Dialogue: 0,0:18:34.44,0:18:38.27,Default,,0000,0000,0000,,ticket and crack it offline. As per the generated report, Dialogue: 0,0:18:38.27,0:18:39.12,Default,,0000,0000,0000,,how many users have Dialogue: 0,0:18:39.12,0:18:41.84,Default,,0000,0000,0000,,the same password as Aaron Booth? For Dialogue: 0,0:18:41.84,0:18:43.60,Default,,0000,0000,0000,,you guys who are asking, "Where is the Dialogue: 0,0:18:43.60,0:18:47.44,Default,,0000,0000,0000,,report?" The report is here. 
If you go Dialogue: 0,0:18:47.44,0:18:50.92,Default,,0000,0000,0000,,to the image here, you click on it and Dialogue: 0,0:18:50.92,0:18:52.56,Default,,0000,0000,0000,,see--this is the report. Dialogue: 0,0:18:52.56,0:18:59.60,Default,,0000,0000,0000,,These are the usernames who have the same password. Dialogue: 0,0:18:59.60,0:19:02.76,Default,,0000,0000,0000,,As you can see, Aaron Booth’s... Dialogue: 0,0:19:02.76,0:19:04.96,Default,,0000,0000,0000,,The number of accounts with the Dialogue: 0,0:19:04.96,0:19:07.23,Default,,0000,0000,0000,,same password is 186. Dialogue: 0,0:19:08.16,0:19:11.72,Default,,0000,0000,0000,,Lastly, this is a cheat sheet from Dialogue: 0,0:19:11.72,0:19:16.16,Default,,0000,0000,0000,,TryHackMe. You can download it to take Dialogue: 0,0:19:16.16,0:19:17.48,Default,,0000,0000,0000,,a look at more details on Active Dialogue: 0,0:19:17.48,0:19:21.48,Default,,0000,0000,0000,,Directory hardening. So that was it, guys. Dialogue: 0,0:19:21.48,0:19:23.88,Default,,0000,0000,0000,,I hope you enjoyed the video, and Dialogue: 0,0:19:23.88,0:19:26.66,Default,,0000,0000,0000,,definitely, I’m going to see you later to complete this track.