Hardened admin workstations, used to protect privileged accounts, provide a locked-down, dedicated OS that is strictly used for administrative IT tasks and nothing else. All productivity tasks like email and web browsing are performed on a separate system. In this talk I will discuss my lessons learned while deploying PAWs in a real-world corporate environment. I’ll explain the inherent flaws in traditional approaches, such as jump servers, and show examples of other techniques I've used to limit exposure to credential theft and lateral movement. Fellow blue teamers will discover these controls are feasible to implement, even in small environments.
My name is Bill V. I'm passionate about security and I head up everything IT at an SMB in the financial industry. One of my favorite things about being a blue teamer is implementing an effective control network-wide and users not even noticing. I enjoy learning new offensive techniques, testing them out on my network, and building defenses and detection mechanisms around them.