When an attacker compromises any workstation, the local administrator password hash can be obtained and used to access every other workstation using the classic Active Directory exploit Pass-the-Hash (PtH). Fortunately Microsoft now has a solution to protect local administrator accounts from reuse. Labeled LAPS (Local Administrator Password Solution), a compromised local admin account cannot be used to as a launch point for other malicious activity by an adversary.
http://www.praetorian.com/blog/microsofts-local-administrator-password-solution-laps
If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.
No comments:
Post a Comment