init5

eNDP Suggestions


init5

Hello eLS,

Hope you're all safe out there.

I've just passed eNDP, my 4th cert from eLearnSecurity & definitely not gonna be the last!

The exam objectives are basically part of what I do in my day-to-day job, so I thought maybe I could contribute a few ideas that could fit in the exam scenario if it gets updated in the future, in order to meet today's fast-evolving threats, especially since the exam lab duration is 4 days, so a LOT can be done. ^^

Most of the mitigations are based on Microsoft's Securing Privileged Access roadmap.

First, Windows 7 is out of support, so switching the exam clients' OS to Windows 10 will open the door for a lot of fun stuff! (Coming below)

With that out of the way, here are a few thoughts:
- Implementing LAPS could be included, as a means to limit lateral movement with local accounts
- Applying logon restrictions (credential tiering) to prevent Tier 0 admins from logging on to lower-trust systems
- Using Windows Firewall + IPsec to authenticate inbound connections on Tier 2 clients, as a means to limit lateral movement via domain accounts (and also ransomware spread to some extent)
- Detecting & cleaning up excessive permissions via ACL Scanner
- Eradicating dangerous protocols (SMB1, LanManager, NTLMv1, LDAP Simple Bind, WinRM basic auth, etc.) - in other words, implementing security baselines or STIGs.
- Application whitelisting (AppLocker and/or Device Guard) - a miniature PoC, i.e. allowing a specific version of a specific app from a specific publisher, etc.
- Utilizing Windows 10 virtualization based security (The fun stuff!)
   > Credential guard & Remote credential guard
   > LSA protection for older OSs that don't support credguard
   > Attack surface reduction rules (ASR)
   > Exploit Protection (replaces EMET, which is also deprecated by Microsoft)
   > Network Protection

There is a lot more to endpoint hardening than this, but those are the points that could be included in an exam scenario without being overly complicated or driving the student crazy.
The exam might become a little more challenging, but will still be doable and definitely fun!

Hopefully that was somewhat useful and didn't waste everyone's time for nothing! ;)
Cheers

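An added example to go with the post above (not part of init5's post and not eLS course material): a read-only PowerShell audit that checks a Windows 10 host against several of the items listed (SMB1, LM/NTLMv1, LSA protection, Credential Guard, WinRM Basic auth, ASR rules, Network Protection, AppLocker, legacy LAPS CSE presence). The cmdlets, WMI class and registry values are Microsoft's; the `Test-HardeningItem` helper, the item labels and the pass/fail thresholds are my own, and the legacy LAPS DLL path is the default install location, assumed rather than taken from the post. Run it in an elevated prompt; it changes nothing.

```powershell
# Added example, not from the original post: read-only hardening audit for a Windows 10 client.
# Helper name and output labels are hypothetical; everything it queries is a real Microsoft interface.
function Test-HardeningItem {
    param([string]$Name, [bool]$Pass, [string]$Detail)
    $status = 'REVIEW'
    if ($Pass) { $status = 'OK' }
    [pscustomobject]@{ Item = $Name; Status = $status; Detail = $Detail }
}

$results = @()

# 1. SMB1 on the server side should be disabled (Get-SmbServerConfiguration is built in on Win10)
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
$results += Test-HardeningItem 'SMB1 server disabled' (-not $smb1) "EnableSMB1Protocol=$smb1"

# 2. LmCompatibilityLevel 5 = send NTLMv2 only, refuse LM and NTLMv1. Absent value means the default.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lm  = $lsa.LmCompatibilityLevel
$results += Test-HardeningItem 'LM/NTLMv1 refused' ($lm -eq 5) "LmCompatibilityLevel=$lm (empty = OS default)"

# 3. LSA protection (RunAsPPL) - the fallback on hosts that cannot run Credential Guard
$ppl = $lsa.RunAsPPL
$results += Test-HardeningItem 'LSA protection (RunAsPPL)' ($ppl -eq 1 -or $ppl -eq 2) "RunAsPPL=$ppl"

# 4. Credential Guard: Win32_DeviceGuard.SecurityServicesRunning contains 1 when it is running
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$cgRunning = @($dg.SecurityServicesRunning) -contains 1
$results += Test-HardeningItem 'Credential Guard running' $cgRunning `
    ('SecurityServicesRunning=' + (@($dg.SecurityServicesRunning) -join ','))

# 5. WinRM Basic auth (service side) should be off; requires the WinRM service to be running
$basic = (Get-Item 'WSMan:\localhost\Service\Auth\Basic').Value
$results += Test-HardeningItem 'WinRM Basic auth off' ($basic -eq 'false') "Service/Auth/Basic=$basic"

# 6. ASR rules: every configured rule should be in Block mode (1), not Off (0) or Audit (2)
$mp         = Get-MpPreference
$asrIds     = @($mp.AttackSurfaceReductionRules_Ids)
$asrActions = @($mp.AttackSurfaceReductionRules_Actions)
$notBlocking = 0
for ($i = 0; $i -lt $asrIds.Count; $i++) {
    if ($asrActions[$i] -ne 1) { $notBlocking++ }
}
$results += Test-HardeningItem 'ASR rules in Block mode' ($asrIds.Count -gt 0 -and $notBlocking -eq 0) `
    "$($asrIds.Count) rule(s) configured, $notBlocking not in Block"

# 7. Network Protection: 1 = Block, 2 = Audit, 0 = Off
$np = $mp.EnableNetworkProtection
$results += Test-HardeningItem 'Network Protection blocking' ($np -eq 1) "EnableNetworkProtection=$np"

# 8. AppLocker: at least one rule collection with EnforcementMode = Enabled (not AuditOnly)
$al = Get-AppLockerPolicy -Effective
$enforced = @($al.RuleCollections | Where-Object { $_.EnforcementMode -eq 'Enabled' }).Count
$results += Test-HardeningItem 'AppLocker collections enforced' ($enforced -gt 0) "$enforced collection(s) enforced"

# 9. Legacy LAPS client-side extension present (default install path; assumed, adjust if relocated)
$lapsDll = Join-Path $env:ProgramFiles 'LAPS\CSE\AdmPwd.dll'
$results += Test-HardeningItem 'LAPS CSE installed' (Test-Path $lapsDll) "Checked $lapsDll"

$results | Format-Table -AutoSize
```

Each row marked REVIEW maps back to one bullet in the list above, which makes the script a quick way to confirm whether a lab client actually has the baseline applied rather than just a GPO linked. The DC-side items (LDAP signing / simple bind, credential tiering via logon rights) are deliberately not covered here since they are checked on the domain controllers, not the client.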
dimitrios

Thank you for the feedback.

We will add all those in the next update for sure.
