Domain Password Auditing with the Cloud | SANS@MIC Talk

Channel:
United States SANS Institute
Subscribers:
64,099
Published on ● Video Link: https://www.youtube.com/watch?v=5GTeljw1AOs


Duration: 1:17:29
302 views
3

The primary vulnerability in networks today is passwords. Often these bad passwords are not even compliant with the organization's password policy! How does this happen, and how can we tell?

In this talk, we discuss password selection vulnerabilities and demonstrate auditing an Active Directory environment leveraging cloud resources to enhance scale with a low cost to entry. Once we have discovered issues, we will explore techniques to perform statistical analysis and triage our findings for remediation. Passwords are important and they affect all organizations even those who feel like they have solved the problem.

Speaker Bio
Matthew Toussain is an active-duty Air Force officer and the founder of Spectrum Information Security, a firm focused on maximizing the value proposition of information security programs. As an avid information security researcher, Matthew regularly hunts for vulnerabilities in computer systems and releases tools to demonstrate the effectiveness of attacks and countermeasures. He has been a guest speaker at many conference venues, including DEFCON, the largest security conference in the world.

After graduating from the U.S. Air Force Academy, where he architected and instructed the summer cyber course that now trains over 400 cadets per year, Matthew served as the Senior Cyber Tactics Development Lead for the U.S. Air Force. He directed the teams responsible for developing innovative tactics, techniques, and procedures for offensive operations as well as for cyber protection teams (CPT). Later, as a member of the 688th Cyber Warfare Wing he managed the Air Force's transition of all 18 CPTs to fully operational capability. As a founding member of Spectrum, Matthew regularly performs a wide variety of information security services. He earned his master's degree in information security engineering as one of the first graduates of the SANS Technology Institute and supports many national and international cyber competitions including the CCDC, Netwars, and the National Security Agency's Cyber Defense Exercise as a red team member and instructor.



Other Videos By SANS Institute


2020-04-23Secure Video Conferencing - What to Train Your Workforce On | SANS@MIC Talk
2020-04-21Learning From The Adversary: Automated Malware Analysis For The Win! | SANS@MIC Talk
2020-04-21Self-Compiling Malware | SANS@MIC Talk
2020-04-17C2 Matrix | SANS@MIC Talk
2020-04-14SANS Live Online - New Online Training Platform
2020-04-14Successful Infosec Consulting, Getting Clients Deep Dive | SANS@MIC Talk
2020-04-14Check out SEC573! More Python3! More Pywars! | SANS@MIC Talk
2020-04-10How Threats are Responding to COVID-19 | STAR Webcast
2020-04-09Take Back The Advantage - Cyber Deception for the Win | SANS@MIC Talk
2020-04-07Pen Testing ICS and Other Highly Restricted Environments | SANS@MIC Talk
2020-04-07Domain Password Auditing with the Cloud | SANS@MIC Talk
2020-04-07SANS Institute - Self Paced Online Training
2020-04-06ZOMG It's ZOOM! - Don't worry, it's safe. As long as you follow some rules. - SANS Webcast
2020-04-03What Every Pen Tester Needs to Know About ICS
2020-04-02Are You Certifiable? | SANS@MIC Talk
2020-04-01The Hackers Apprentice | SANS@MIC Talk
2020-03-31Pen Testing ICS and Other Highly Restricted Environments - SANS Pen Test HackFest Summit 2019
2020-03-31Stealth persistence strategies | SANS@MIC Talk
2020-03-27Attacking Serverless Servers: Reverse Engineering the AWS, Azure, and GCP Function Runtime
2020-03-25xHunt - An Anime Fan's Attack Campaign in the Middle East | STAR Webcast
2020-03-24I'm Sorry Dave, I Can't Do That: Practical Machine Learning for Information Security | SANS@MIC Talk


Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training