Users are not the only ones who suffer from password re-use across multiple sites, services, or devices. Unfortunately, many system administrators use the same password for local administrator access across all workstations for ease of technical support. But what’s good for the sysadmin is also good for the threat actor who gains access to password hashes. Pen Test Partners (PTP) briefly discusses the issues with admin password re-use and suggests a more secure solution than using the same local admin password across all workstations. For example, an actor who has extracted local password hashes is likely to gain access to more hashes, including those of domain or enterprise admins. Domain admin access then enables the unauthorized creation of new users with administrator rights, without the need to ever crack a password. According to PTP, Microsoft provides a free tool called Local Administrator Password Solution (LAPS) to reduce the risk from re-using local admin passwords. LAPS, which can be rolled out via Group Policy, gives every machine joined to the domain a unique, strong, randomly generated local admin password that can change on a daily basis. Yes, this may take an extra moment or two during tech support visits, but it could save your local and domain admin accounts from compromise and your network from ransomware. Read more at PenTestPartners.
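A defender's rollout and coverage audit for the LAPS deployment described above, using the legacy AdmPwd.PS module; this is an added example, not code from PTP or Microsoft, and the workstation OU path and helpdesk group name are assumed placeholders.

```powershell
# Added example (not from the PTP article): legacy LAPS (AdmPwd.PS) rollout and audit.
# Assumed placeholders: the workstation OU and the helpdesk group name.
Import-Module AdmPwd.PS
Import-Module ActiveDirectory

$WorkstationOU = 'OU=Workstations,DC=example,DC=com'   # placeholder
$HelpdeskGroup = 'LAPS-Helpdesk'                        # placeholder

# 1. One-time schema extension (run once as Schema Admin): adds ms-Mcs-AdmPwd
#    and ms-Mcs-AdmPwdExpirationTime to the computer object class.
Update-AdmPwdADSchema

# 2. Let each computer write its own new password/expiry, and let only the
#    helpdesk group read or force-reset passwords in this OU. Rotation interval
#    (e.g. PasswordAgeDays = 1 for daily change) is set in the LAPS GPO itself.
Set-AdmPwdComputerSelfPermission  -OrgUnit $WorkstationOU
Set-AdmPwdReadPasswordPermission  -OrgUnit $WorkstationOU -AllowedPrincipals $HelpdeskGroup
Set-AdmPwdResetPasswordPermission -OrgUnit $WorkstationOU -AllowedPrincipals $HelpdeskGroup

# 3. Check who else can already read stored passwords via "All extended rights";
#    any holder beyond Domain Admins and the helpdesk group is a delegation to review.
Find-AdmPwdExtendedRights -Identity $WorkstationOU |
    Select-Object ObjectDN, ExtendedRightHolders

# 4. Coverage audit: a computer with no expiration stamp has not received a
#    LAPS-managed password yet; a stamp in the past means rotation stopped
#    (agent missing, GPO not applied, or machine long offline).
function Get-LapsCoverage {
    param([string]$SearchBase)
    $now = (Get-Date).ToFileTimeUtc()
    Get-ADComputer -SearchBase $SearchBase -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime' |
        ForEach-Object {
            $exp = $_.'ms-Mcs-AdmPwdExpirationTime'
            if (-not $exp)          { $status = 'NotManaged' }
            elseif ($exp -lt $now)  { $status = 'Stale' }
            else                    { $status = 'OK' }
            [pscustomobject]@{
                Name    = $_.Name
                Status  = $status
                Expires = if ($exp) { [DateTime]::FromFileTimeUtc($exp) } else { $null }
            }
        }
}
Get-LapsCoverage -SearchBase $WorkstationOU | Where-Object Status -ne 'OK'

# 5. Helpdesk retrieval of one machine's current password (the read is auditable in AD):
# (Get-AdmPwdPassword -ComputerName 'WS-001').Password
```

Steps 1 and 2 are one-time setup; step 4 is the recurring check that every workstation in the OU actually has a rotating, unique local admin password rather than the shared one the article warns about.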