Microsoft release whitepaper on “Pass-the-Hash” mitigation techniques
Microsoft has recently published a whitepaper titled “Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques” and containing guidance and advice to mitigate against such techniques.
The top three mitigations presented are:
- restricting and protecting high privileged domain accounts
- restricting and protecting local accounts with administrative privileges
- restricting inbound traffic using Windows Firewall
The full paper is available from Microsoft’s Security Blog.