Learn from a Certified Hacker
Matthew Calder, Microsoft Learning
Lots! He’s describing the five steps that every hacker must follow!
Bring your questions to “Defense in Depth”: Windows 8.1 Security on May 8. This live, online session will highlight tips and tricks for protecting data in real life. Learn how Windows 8.1 addresses security in a system-wide manner, layer by layer. Learn how to create a secure baseline, and how to protect your Windows Enterprise architectures against pass-the-hash attacks and other advanced threats.
Join Microsoft Global Business Support Premier Field Engineer Milad Aslaner and Certified Ethical Hacker and MVP Erdal Ozkaya as they present entertaining demonstrations on how to build a sophisticated defense strategy. This informative and entertaining presentation will show you how to stop hackers and malware developers.
* IT Security Landscape Shift
* Five Steps That Every Hacker Follows
* Windows Defense Techniques
* Hardening – Establish a Secure Baseline
Defense in Depth: Windows 8.1 Security. Date: May 8, 2014. Time: 9:00am-5:00pm PDT.
Here is a list of things you should do if your computer or network is attacked.
This blog post is not technical. You can view my prerecorded sessions or training classes to get more technical information. To make your life easier, I have included the links in the appendix section.
1) Don’t panic
This is easy to write and to recommend, but not easy to do. Don't panic even if you aren't prepared. What should you do next?
2) Use the incident response plan (if it is available)
If you have a Computer Incident Response Team (CIRT), call them and tell them what has happened. Notify your vendor contact, such as Microsoft Premier, if you have any concerns. Notify management. If you don't have any of these, make sure you know what your job requires of you, and if you don't, get professional help.
Microsoft's Enterprise Cybersecurity Group also offers a service called the Persistent Adversary Detection Service (PADS) (download/5/0/8/50856745-C5AE-451A-80DC-47A920B9D545/AFCEA_PADS_Datasheet.pdf), which can help you proactively.
3) Check the "infected" system and confirm whether it is compromised.
You should scan your system to identify and fix any possible problems.
– Patch the operating system and any programs running on the system
– Use an offline anti-virus (AV) scanner to scan your computer
– Cross-check the scan with a Microsoft
– Limit domain administrator accounts and other privileged account authentication to lower trust servers or workstations
To contain the damage caused by infection, ISOLATE the system.
Also, make sure to check for lateral movement: attackers may have used the compromised system to reach other systems in your network. This will help you understand what happened and which data was compromised.
Pass the Hash is a popular attack method. Make sure you read the whitepaper from Microsoft to learn how you can mitigate it (en-us/download/details.aspx?id=36036).
4) Check your logs (Security & Network & System)
A good place to start is to check the security logs of your firewall, your AV products, and the System and Security event logs. These logs should give you an indication of what is happening. They can also be used as evidence.
– Re-examine the port requirements of each piece of software and check for any deviation from standard ports where possible.
– Implement auditing of Domain Admin and local Administrator accounts via a SIEM or event forwarding.
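To act on the auditing advice above, here is an added example of my own (not code from the post, from Microsoft, or from the presenters) that correlates Windows Security events 4672 (special privileges assigned) and 4624 (successful logon) on a single host and lists privileged accounts that logged on over the network or RDP, the pattern you do not want to see on lower-trust workstations. The account names in `$WatchAccounts` are constructed sample values.

```powershell
# Added example, not part of the original post. Run elevated on the host whose
# Security log you are checking; assumes "Audit Logon" and "Audit Special Logon"
# are enabled (the default on Windows 8.1).
param(
    [int]$Hours = 24,
    # Constructed sample list of privileged accounts to watch; adjust for your domain.
    [string[]]$WatchAccounts = @('Administrator', 'da-backup', 'da-helpdesk')
)

# Read one EventData field by name rather than by position, so the script does
# not break if the field order differs between Windows versions.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$since = (Get-Date).AddHours(-$Hours)

# 4672: special privileges (SeDebugPrivilege etc.) assigned to a new logon.
# Its SubjectLogonId matches the TargetLogonId of the corresponding 4624.
$privilegedLogonIds = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4672; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-EventField $_ 'SubjectLogonId' } | Sort-Object -Unique

# 4624: successful logon. Logon type 3 = network (SMB, WMI), 10 = RemoteInteractive (RDP).
# Those are the remote paths worth reviewing for privileged accounts.
$suspect = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Domain    = Get-EventField $_ 'TargetDomainName'
            User      = Get-EventField $_ 'TargetUserName'
            LogonId   = Get-EventField $_ 'TargetLogonId'
            LogonType = [int](Get-EventField $_ 'LogonType')
            Source    = Get-EventField $_ 'IpAddress'
        }
    } |
    Where-Object {
        $privilegedLogonIds -contains $_.LogonId -and
        $_.LogonType -in 3, 10 -and
        $WatchAccounts -contains $_.User
    }

# Each row is a privileged remote logon on this host; the Source column shows where it came from.
$suspect | Sort-Object Time | Format-Table Time, Domain, User, LogonType, Source -AutoSize
```

Run it on the suspected host first and then on the machines in the Source column to follow any lateral movement; forwarding the same two event IDs to your SIEM gives you the fleet-wide view.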
5) Reset your Passwords
Change your passwords immediately.