Attackers and malware are increasingly relying on a common set of tools to compromise identities and spread within a network. Tools like Mimikatz accompanied with common administrator tools like PsExec and WMI have become a standard part of an attacker’s arsenal to turn a single machine compromise into a full network breach. In this webinar we will take a look at why some of these tools are traditionally difficult to control, and introduce new countermeasures that let you fight back. In this webinar we will cover:
- An analysis of recent malware and attacks and the tools they used to spread through the network.
- A closer look at the underlying protocols supporting these tools, and the traditional challenges to controlling them.
- Introduce new controls that allow organizations to control NTLM in real-time, block pass-the-hash techniques, and adaptively control the use of NTLM in the network.
- How to gain visibility into PsExec, WMI, and RPC in general and how to create controls that distinguish valid from malicious use of these powerful tools.