1
00:00:00,120 --> 00:00:01,000
All right, let's talk

2
00:00:01,020 --> 00:00:03,160
LLMNR mitigation.

3
00:00:03,450 --> 00:00:10,680
So the best defense here is to actually disable LLMNR. You have to disable not only LLMNR but

4
00:00:10,680 --> 00:00:16,380
also NBT-NS, because remember, if DNS fails it goes to LLMNR, if LLMNR fails it goes to NBT-NS.

5
00:00:16,380 --> 00:00:23,580
Just cutting out LLMNR isn't enough, so to fully disable this you have to disable both.

6
00:00:23,580 --> 00:00:25,170
Here is how you kind of do it.

7
00:00:25,170 --> 00:00:29,910
This is just a copy paste of what I would actually send to a client or put on a report for a client

8
00:00:30,300 --> 00:00:38,210
as to how to disable this. If they are not able to disable LLMNR or they just refuse to,

9
00:00:38,220 --> 00:00:46,020
then the second option is to tell them to enable network access control, which, if you're not familiar

10
00:00:46,020 --> 00:00:52,110
with what that means, network access control means that, hey, I can't just go and plug into any port on

11
00:00:52,110 --> 00:00:54,720
your network and gain access.

12
00:00:54,720 --> 00:01:00,680
It's going to look for a MAC address and say, does this MAC address belong and should we allow it?

13
00:01:00,690 --> 00:01:03,870
And a lot of the times it doesn't belong or it's not allowed.

14
00:01:03,870 --> 00:01:09,080
You're actually going to shut that port down or otherwise it's just not going to let you on the network.

15
00:01:09,150 --> 00:01:13,910
So there are bypasses in network access control but I think again that this is an internal.

16
00:01:14,010 --> 00:01:19,170
And you just want to make it as hard as possible for somebody to get into your network and that would

17
00:01:19,170 --> 00:01:24,860
prevent this attack from even happening or at least stall the attack from happening.

18
00:01:24,870 --> 00:01:32,400
The other thing here is to require the strong user passwords, so 14 characters or longer, you know, 40

19
00:01:32,400 --> 00:01:37,170
character passwords probably the past to the long sentence whatever however long you want to make it

20
00:01:37,200 --> 00:01:43,110
but it should be long and the 14 characters and that's really what you want to harp on your policies

21
00:01:43,110 --> 00:01:47,790
to your clients is you want to tell them like, yeah, you can have your minimum but you should stress how

22
00:01:47,790 --> 00:01:49,980
easy it is to crack these passwords.

23
00:01:49,980 --> 00:01:53,120
The longer the password the harder it is to crack.

24
00:01:53,280 --> 00:02:00,360
And it goes from like seven or eight characters being, you know, a couple hours to or even seconds to

25
00:02:00,360 --> 00:02:08,670
hours, you know, from 14 characters, 15 characters being years to crack in a brute force attempt, so just

26
00:02:08,670 --> 00:02:14,310
that difference in a few extra characters and just making a little bit longer really doesn't make a

27
00:02:14,310 --> 00:02:19,110
difference and it makes it really hard on us as an attacker to be successful, so hopefully that makes

28
00:02:19,110 --> 00:02:20,150
a little bit more sense.

29
00:02:20,250 --> 00:02:26,760
And when you're in an interview you can talk through LLMNR, talk about disabling it for best case scenarios

30
00:02:26,820 --> 00:02:32,010
and talk about other mitigations to prevent these sorts of attacks as well.

31
00:02:32,010 --> 00:02:37,890
So from here we're going to move on and talk about how we can utilize LLMNR poisoning to our advantage

32
00:02:37,950 --> 00:02:44,010
in other ways and not just capture a hash and crack it but actually use that hash to our advantage and

33
00:02:44,010 --> 00:02:45,720
gain access to a machine.

34
00:02:45,750 --> 00:02:47,310
So let's go ahead and take a look at that.