SANS Digital Forensics and Incident Response Blog: Author - Mike Pilkington

Protecting Privileged Domain Accounts: PsExec Deep-Dive

[Author's Note: This is the 6th in a multi-part series on the topic of "Protecting Privileged Domain Accounts". My primary goal is to help incident responders protect their privileged accounts when interacting with compromised hosts, though I also believe this information will be useful to anyone administering and defending a Windows environment.] PsExec is an …


Protecting Privileged Domain Accounts: Network Authentication In-Depth

[Author's Note: This is the 5th in a multi-part series on the topic of "Protecting Privileged Domain Accounts". My primary goal is to help incident responders protect their privileged accounts when interacting with compromised hosts, though I also believe this information will be useful to anyone administering and defending a Windows environment.] To coincide …


Protecting Privileged Domain Accounts: Safeguarding Access Tokens

[Author's Note: This is the 4th in a multi-part series on the topic of "Protecting Privileged Domain Accounts". My primary goal is to help incident responders protect their privileged accounts when interacting with compromised hosts, though I also believe this information will be useful to anyone administering and defending a Windows environment.] I've previously written …


Protecting Privileged Domain Accounts: Disabling Encrypted Passwords

[Author's Note: This is the 3rd in a multi-part series on the topic of "Protecting Privileged Domain Accounts". My primary goal is to help incident responders protect their privileged accounts when interacting with compromised hosts, though I also believe this information will be useful to anyone administering and defending a Windows environment.] Update: I have …


Protecting Privileged Domain Accounts: LM Hashes — The Good, the Bad, and the Ugly

[Author's Note: This is the 2nd in a multi-part series on the topic of "Protecting Privileged Domain Accounts". My primary goal is to help incident responders protect their privileged accounts when interacting with compromised hosts, though I also believe this information will be useful to anyone administering and defending a Windows environment.] I realize the …