Mimikatz attack types

Uploaded by ssuser82a6381, 39 slides, Sep 17, 2024

About This Presentation

Mimikatz attack types


Slide Content

Erik Van Buggenhout
Credential Guard vs Mimikatz
The showdown
InfoSecurity – 14 March 2018

InfoSecurity – 14 March 2018 – Credential Guard & Mimikatz
Who am I?

• Co-founder
• Incident Response & Threat Hunting
• Lead Author & Instructor SEC599
• Instructor SEC560, 561, 562, 542

What I’d like to discuss today

• Quick Introduction
• Refresher: Windows credentials attacks
• Let’s talk defenses – What defense mechanisms were introduced before?
• Credential Guard – What is this Credential Guard you speak of?
• Demo – The proof is in the pudding! Credential Guard VS Mimikatz

Stealing Windows credentials – where in the Cyber Kill Chain?

Reconnaissance → Weaponization → Delivery → Exploitation → Installation → Command & Control → Action on Objectives

Windows credentials are typically a target for adversaries in the later stages
of the compromise. After obtaining an initial foothold, credentials are
stolen to further escalate privileges / move laterally in the environment!

Windows credentials attacks

Aside from generic attacks such as phishing or keylogging, the table on this slide lists some of the
most common ways used by adversaries to obtain Windows credentials.
SANS Senior Instructor Chad Tilbury has an excellent presentation on Windows Credentials Attacks, Mitigations & Defence:
https://www.first.org/resources/papers/conf2017/Windows-Credentials-Attacks-and-Mitigation-Techniques.pdf

Introducing some of these tools – Capturing NTLMv2

For various reasons, Kerberos may not be available, in which case Windows will fall back
to NTLMv2 challenge / response authentication:

1. The client workstation requests authentication from the server (e.g. a database server)
2. The server sends a challenge
3. The client sends its response
4. The server forwards the challenge + response to the domain controller
5. The domain controller validates the credentials
6. The server sends its response to the client

The authenticating system uses the hashed credential to calculate a response based on the
challenge sent by the server. In a Windows domain environment, the NTLM challenge & response
will be forwarded to the domain controller for validation of credentials.

Introducing some of these tools – Responder – Capturing NTLMv2

Responder is (amongst others) an LLMNR, NBT-NS and mDNS poisoner. It will attempt to trick systems
into connecting / authenticating to the system it is running on. It will then attempt to sniff the
authentication challenge / response (e.g. NTLMv2), which could be cracked by a password cracking tool.

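As an added example (not from the slides), the usual mitigation against the LLMNR / NBT-NS poisoning described above, applied to a single host with PowerShell; it assumes an elevated session and that name resolution in the domain is handled by DNS, so NetBIOS and multicast resolution are not needed.

```powershell
# Added example, not part of the original deck. Run in an elevated PowerShell session.

# 1. LLMNR: the policy value behind the GPO "Turn off multicast name resolution".
$dnsClientPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
if (-not (Test-Path $dnsClientPolicy)) { New-Item -Path $dnsClientPolicy -Force | Out-Null }
Set-ItemProperty -Path $dnsClientPolicy -Name EnableMulticast -Value 0 -Type DWord

# 2. NBT-NS: disable NetBIOS over TCP/IP on every IP-enabled adapter.
#    TcpipNetbiosOptions: 0 = setting from DHCP, 1 = enabled, 2 = disabled.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $result = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                                   -Arguments @{ TcpipNetbiosOptions = 2 }
        # ReturnValue 0 = success, 1 = success but a reboot is required
        [pscustomobject]@{ Adapter = $_.Description; ReturnValue = $result.ReturnValue }
    }

# 3. mDNS (newer Windows 10 builds and later): EnableMDNS = 0 turns the responder off.
$dnscacheParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
Set-ItemProperty -Path $dnscacheParams -Name EnableMDNS -Value 0 -Type DWord

# 4. Verify: EnableMulticast must read 0 and every adapter must report option 2.
Get-ItemProperty -Path $dnsClientPolicy -Name EnableMulticast | Select-Object EnableMulticast
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, TcpipNetbiosOptions
```

In a domain these settings are normally pushed by Group Policy (the DNS Client policy and the adapter NetBIOS setting) rather than set per host; the script is useful for verifying that the policy actually landed.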
Dumping credentials from LSASS memory

Once an initial entry point in the network has been obtained, dumping credentials from LSASS memory in
particular has become extremely popular:
• Opens up an attack vector against users that aren’t locally configured (domain users). Furthermore,
stolen credentials are in clear-text (Windows 7) or NT hash (Windows 10) format, so they can immediately
be reused in Pass-the-Hash attacks
• Common attack flow:
1. Obtain local admin access to one system in the domain
2. Lure a domain admin to the machine (e.g. call the helpdesk)
3. Dump credentials from memory
4. Own the domain (“Domain dominance”)
5. Persist domain ownage (Golden Ticket, DCSync, Skeleton Key, …)
• Tools like BloodHound create entire attack trees that reveal relationships
between accounts and systems to facilitate this

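As an added example (not from the slides), detection logic for step 3 of the attack flow above: it hunts Sysmon Event ID 10 (ProcessAccess) records for handles opened on lsass.exe with memory-read access, skipping a constructed allow-list of source images that has to be tuned per environment. It assumes Sysmon is installed with ProcessAccess logging enabled; the SourceUser field only exists in newer Sysmon versions.

```powershell
# Added example, not part of the original deck. Assumes Sysmon logs ProcessAccess (ID 10).
# Constructed allow-list: tune it to the EDR / AV / management agents in your environment.
$allowedSources = @(
    'C:\Windows\System32\svchost.exe',
    'C:\Windows\System32\csrss.exe',
    'C:\Windows\System32\wininit.exe'
)
# PROCESS_VM_READ is the access right a memory dump needs; PROCESS_ALL_ACCESS includes it.
$PROCESS_VM_READ = 0x0010

function Get-SysmonEventData {
    # Flatten the <EventData><Data Name=...> elements of a Sysmon record into a hashtable.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($item in $xml.Event.EventData.Data) { $data[$item.Name] = $item.'#text' }
    return $data
}

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 10
    StartTime = (Get-Date).AddHours(-24)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $d = Get-SysmonEventData -Event $_
    if ($d.TargetImage -notlike '*\lsass.exe') { return }
    # GrantedAccess is logged as a hex string such as 0x1010 or 0x1FFFFF
    $access = [Convert]::ToInt32($d.GrantedAccess, 16)
    if (($access -band $PROCESS_VM_READ) -eq 0) { return }
    if ($allowedSources -contains $d.SourceImage) { return }
    [pscustomobject]@{
        Time          = $_.TimeCreated
        SourceImage   = $d.SourceImage
        SourceUser    = $d.SourceUser
        GrantedAccess = $d.GrantedAccess
        # A call trace through UNKNOWN modules or dbghelp.dll / dbgcore.dll
        # (MiniDumpWriteDump) is a strong signal of a memory dump of LSASS.
        CallTrace     = $d.CallTrace
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Task Manager dumps (mentioned on a later slide) show up here too, with taskmgr.exe as the source image, so the allow-list should stay short and explicit.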
Dumping credentials from LSASS memory – Common technique

Due to the size & complexity of the environment, it’s often difficult for administrators to retain a good
overview of how privileges are assigned across it. Adversaries
can leverage this to spot excessive privileges which can be used in lateral
movement…

AD structure diagrams: the diagram below (generated by the attacking tool BloodHoundAD)
reveals an interesting way of how adversaries could laterally move through the target
environment: in a few steps, Erik could easily steal the hashes of Stephen, thereby
obtaining Domain Admin privileges.

User: Erik → Group: Workstation admins → PC: Workstation1 –(HasSession)→ User: Stephen → Group: Domain admins

Dumping credentials from LSASS memory – Mimikatz

Mimikatz is a free, open-source Windows tool built by Benjamin Delpy
(@gentilkiwi) to extract credentials from Windows computers. Its second
version is often referred to as “Kiwi”.

Due to its high reliability & flexibility, it is used by adversaries and penetration
testers alike. Several variations have been created and it has been included as a
module in the Metasploit Meterpreter attacking tool.

“Mimikatz is a tool I've made to learn C and make some experiments with
Windows security. It's now well known to extract plaintext passwords,
hash, PIN code and Kerberos tickets from memory. Mimikatz can also
perform pass-the-hash, pass-the-ticket or build Golden tickets.”

Dumping credentials from LSASS memory – The primacy of Mimikatz

Executing the command privilege::debug enables the debug privilege.
Executing the command lsadump::lsa /inject will dump the hashes from the LSA process (lsass.exe).

Dumping credentials from LSASS memory – Mimikatz in the news

The popularity of Mimikatz has sky-rocketed over the last few years:
• In 2017, the NotPetya ransomware used various components of Mimikatz to support its
lateral movement
• In several APT investigations, Mimikatz is part of the standard toolkit used by advanced
adversaries (amongst others, OilRig, Cobalt Kitty & APT28 have been observed to use
(variants of) Mimikatz)
• Penetration testing & red teaming frameworks include (variants of) Mimikatz:
  • Metasploit Meterpreter has a built-in Mimikatz module
  • PowerShell Empire has a built-in version of Mimikatz

Dumping credentials from LSASS memory – Some advanced Mimikatz features

• To prevent AV detection, Mimikatz supports an offline mode, where a dump of the LSASS
process can be fed to Mimikatz. This dump file can be created by built-in Windows tools
(e.g. Task Manager) or the Sysinternals toolkit. This removes the need to run a “hacking
tool” like Mimikatz on the target system…
• Mimikatz can impersonate a Domain Controller and replicate all password hashes using
MS-DRSR (Directory Replication Service Remote Protocol), labelled “DCSync” in Mimikatz
• Mimikatz can create AD persistence by generating golden tickets or installing a backdoor in
the memory of the Domain Controller (“Skeleton Key” attack)

What’s left behind?

http://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/securing-privileged-access-reference-material

What’s left behind? – Mimikatz point of view

Generic recommendations – Isolate Domain Controllers

Put domain controllers in a different network than other servers and workstations.
Use at least firewalls to separate the networks.

Diagram: “Domain controllers network” separated from the “Inner network”.

Generic recommendations – Privileged Access Workstations

Diagram: “Domain controllers network”, “Privileged Access Workstations” and “Inner Network”.

Generic recommendations – Identity & Access Management

Focused improvements – Windows 8 / 2012 – Restricted Admin

The idea of “Restricted Admin” mode is that credentials are not sent when establishing an
RDP session, so the chances of capturing them using Mimikatz are lower!
Source: https://docs.microsoft.com/en-us/windows/access-protection/remote-credential-guard

Focused improvements – Windows 8 / 2012 – Restricted Admin

In a bit more detail:

Normal RDP
• Erik enters his password in the RDP client.
• The RDP client performs a network logon to the target server to authorize Erik.
• Erik is authorized & the RDP client securely relays the credentials to the target machine
over a secure channel.
• The target server uses these credentials to perform an interactive logon on behalf of Erik.

Restricted Admin
• RDP will try to interactively log on to the remote machine without sending credentials
• The actual credentials are not required in order to set up the connectivity

Focused improvements – Windows 8 / 2012 – Restricted Admin

Focused improvements – Windows 8 / 2012 – Protected Processes

In order to prevent hash dumping attacks aimed at the LSA process, Microsoft introduced
“Protected Processes” as of Windows 8 & Windows Server 2012.
• Protected processes were first introduced in Windows Vista for DRM (Digital Rights
Management) purposes, but were adapted for “security purposes” in Windows 8
• The screenshot on the right provides an example of the lsass.exe process running as a
“protected process”
• Protected Processes are implemented in kernel software and can thus be defeated…

Focused improvements – Windows 8 / 2012 – Protected Processes

Focused improvements – Windows 8 / 2012 – Protected Processes

Focused improvements – Windows 8 / 2012 – Domain Protected Users

“Protected Users” enforces a number of restrictions on affected users, which try to defend
against several of the attack strategies previously mentioned:
• Disable authentication using NTLM
  => Protect against Responder-style attacks
• WDigest & CredSSP clear-text credentials no longer stored in LSASS
  => Fewer results when dumping LSASS memory
• On a device running Windows 8.1, passwords are not cached
  => Protect against dumping of cached credentials (Windows default: 10 latest users)
• Kerberos will not use DES or RC4 during pre-authentication
  => Protect against “Kerberoasting” attacks

Introducing Credential Guard

Windows high-level architecture – Without Credential Guard

Having a look at the processes – Without Credential Guard

Windows high-level architecture – With Credential Guard

When Credential Guard is enabled, the LSA process still runs in userland.
The actual credentials are stored in the isolated LSA process (LsaIso.exe).
This process does not run under Windows, but in Virtual Secure Mode.

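As an added example (not from the slides), a host-side audit in PowerShell of the defenses covered on the Restricted Admin, Protected Processes and Credential Guard slides, plus the WDigest setting behind the clear-text credentials mentioned earlier. It assumes an elevated session on Windows 10 / Server 2016 or later; the function name is mine, the registry paths and the Win32_DeviceGuard class are the documented ones.

```powershell
# Added example, not part of the original deck. Run elevated.
function Get-CredentialDefenseStatus {
    $lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'

    function Read-DwordOrNull([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null } else { return $item.$Name }
    }

    # Protected Processes slide: RunAsPPL runs lsass.exe as a protected process light
    # (1 = with UEFI lock, 2 = without UEFI lock on Windows 11 22H2 and later).
    $runAsPpl = Read-DwordOrNull $lsaKey 'RunAsPPL'
    # Restricted Admin slide: DisableRestrictedAdmin = 0 lets this host accept
    # mstsc /restrictedAdmin sessions; a missing value means the mode is not enabled.
    $disableRa = Read-DwordOrNull $lsaKey 'DisableRestrictedAdmin'
    # Clear-text credentials: UseLogonCredential = 1 makes WDigest cache plaintext again;
    # an absent value means disabled on Windows 8.1 / 2012 R2 and later.
    $wdigest = Read-DwordOrNull $wdigestKey 'UseLogonCredential'

    # Credential Guard slide: Win32_DeviceGuard lists 1 (Credential Guard) and 2 (HVCI)
    # in SecurityServicesRunning; LsaIso.exe only exists when VSM hosts the isolated LSA.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $cgConfigured = ($null -ne $dg) -and ($dg.SecurityServicesConfigured -contains 1)
    $cgRunning    = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)
    $lsaIso       = $null -ne (Get-Process -Name LsaIso -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        LsassRunsAsPPL            = ($runAsPpl -in 1, 2)
        RestrictedAdminAccepted   = ($disableRa -eq 0)
        WDigestClearTextDisabled  = ($wdigest -ne 1)
        CredentialGuardConfigured = $cgConfigured
        CredentialGuardRunning    = $cgRunning
        LsaIsoProcessPresent      = $lsaIso
    }
}

Get-CredentialDefenseStatus | Format-List
```

CredentialGuardConfigured without CredentialGuardRunning usually means the policy is set but the host has not rebooted or lacks the virtualization prerequisites, which is exactly the gap an LSASS dump would still exploit.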
Windows high-level architecture – With Credential Guard

Some caveats

Some caveats – Another interesting attack strategy!

Demo time

Conclusion

Want to learn more?

Want support?
Get in touch with NVISO’s experts, we’d be happy to discuss how we can help further!

Want to learn more?
Join SEC599 – Defeating Advanced Adversaries!
• London – April 2018
• Amsterdam – September 2018
• Brussels – October 2018
More locations available at
https://www.sans.org/course/defeating-advanced-adversaries-kill-chain-defenses