One of the main variants of attack against Windows systems is the abuse of Active Directory using credential theft tools such as Mimikatz. According to network security specialists, Mimikatz and similar tools allow threat actors to extract passwords stored in memory from the Local Security Authority Subsystem Service (LSASS.EXE) process, so they are considered a severe security threat.
This time, network security experts from the International Institute of Cyber Security (IICS) will show you the best methods to protect against password theft using Mimikatz, allowing you to consolidate a complete cybersecurity environment.
As usual, we remind you that this article was prepared for informational purposes only, so it should not be considered a call to action. IICS is not responsible for any misuse of the information contained herein.
Method 1: Avoid the debugging possibilities
The debug privilege is enabled by default on Windows systems and is granted to the local Administrators group (BUILTIN\Administrators). According to network security experts, almost 99% of administrators do not use this feature, so it is better to disable it before threat actors try to exploit it.
To do this, open Group Policy (local or domain), go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment and enable the Debug programs policy.
In this policy, include only the domain group of users who require debug rights, or leave the list empty so that no user can access this privilege.
After applying these changes, if the ..
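One way to confirm which principals still hold the debug right once the policy has been applied, as an added example that is not part of the original article. It assumes an elevated PowerShell prompt and uses the built-in secedit.exe export; the function name Get-DebugPrivilegeHolders is hypothetical.

```powershell
# Added example: list the principals assigned the "Debug programs" right
# (SeDebugPrivilege) in the effective local security policy.
# Assumption: run from an elevated prompt; secedit.exe ships with Windows.
function Get-DebugPrivilegeHolders {
    $cfg = Join-Path $env:TEMP ("userrights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the User Rights Assignment area of the policy.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
            throw 'secedit export failed (is the prompt elevated?)'
        }
        # Line format: SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-...
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeDebugPrivilege\s*=' } |
            Select-Object -First 1
        # A missing line or an empty value means nobody holds the right.
        if (-not $line) { return }
        $entries = ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim() } | Where-Object { $_ }
        foreach ($entry in $entries) {
            $sid = $null
            $account = $entry            # entries without '*' are plain account names
            if ($entry.StartsWith('*')) {
                $sid = $entry.TrimStart('*')
                try {
                    $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                    $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $account = '<unresolved SID>'   # deleted or unreachable account
                }
            }
            [pscustomobject]@{ Account = $account; Sid = $sid }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$holders = @(Get-DebugPrivilegeHolders)
if ($holders.Count -eq 0) {
    'OK: no principal is assigned SeDebugPrivilege.'
} else {
    'Review: SeDebugPrivilege is assigned to:'
    $holders | Format-Table -AutoSize
}
```

An unmodified system typically lists BUILTIN\Administrators (S-1-5-32-544); after the policy change the output should show only the intended group or no principal at all.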