Best practices and security settings in Windows
In the previous chapters, we focused largely on the surrounding components of our infrastructure, such as endpoints, identity, external services, and cloud-based services. The missing part is the Windows infrastructure itself.
As mentioned in previous chapters, many of today’s ransomware attacks start from a compromised endpoint, usually through phishing, which gives the attacker a foothold inside the door. From there, they typically try different attack vectors to gain further access to the infrastructure.
Attackers can gain further access in different ways. Often, they use a set of credentials they obtained via the compromised system, or they exploit some form of vulnerability.
One of the commonly used tools to collect credentials is Mimikatz, which I’ve mentioned in earlier chapters.
Mimikatz was developed by French hacker Benjamin Delpy, who stated that the tool...