
BrakeSec Education Podcast

Latest episodes

Jul 14, 2019 • 43min

2019-027-GDPR fines for British Airways, FTC fines Facebook, Zooma-palooza

MITRE Pre-Attack techniques https://attack.mitre.org/techniques/pre/
https://www.bbc.com/news/business-48905907
Zoom - https://www.wired.com/story/zoom-flaw-web-server-fix/

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#Brakesec Store!: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM: https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Jul 9, 2019 • 38min

2019-026-Ben Johnson discusses hanging your shingle, going independent

Starting a new business (hanging the shingle)
What’s a way to become an independent consultant? Especially if you don’t have a reputation?

Ben's reading list:
    “Mindset: the New Psychology of success”
    “Essentialism”
    “Extreme ownership”
    “Team of teams”
Jul 2, 2019 • 42min

2019-025-Ben Johnson discusses identity rights management, and controlling your AuthN/AuthZ issues

Identity analytics

“Identity analytics is the next evolution of the IGA (Identity Governance & Administration) market. Identity professionals can use this emerging set of solutions combining big data and advanced analytics to increase identity-related risk awareness and enhance IAM processes such as access certification, access request and role management.” --gartner

Identity related risk awareness
Access certification is the process of validating access rights within systems. ... With access certification, organizations and regulations aim to formally validate users within systems and ensure their access rights are appropriate.
Access request - a system must validate that a user has need-to-know
Role management - users must be validated in a particular role or roles (admin, superuser, backup controller, launch manager, code committer)

What kind of threats are you protecting against?
What do you solve that proper administration of users can do?
How does technology like this improve IAM processes?
If it gathers heuristics, what happens when a user changes? (loses an arm, finger, or sneezes during password login, or just ages?)
Where is the best fit for these kinds of systems?
Where should you put these systems if you’re in a blended environment?
And how does this work with systems like Active Directory?
Privacy issues… what if any do you have to deal with in this case?
That was my next question
Entitlements?
What’s the difference between AuthN?
Identity creep - Ben gave a talk on it https://www.brighttalk.com/webcast/17685/362274
Does this monitor, or will it also prevent? If it doesn’t, can it send alerts to your IPS to isolate?
“Blast radius”
https://whatis.techtarget.com/definition/behavioral-biometrics
Jun 24, 2019 • 54min

2019-024-Tanya_Janca-mentorship-WoSec_organizations_what-makes-a-good-mentor

Tanya Janca (@shehackspurple)

DevOps Tools for free/cheap.
    They are all on github right, so they are all free?
    Python, Docker, k8s, Jenkins
    Licensing can be a problem
    Free-mium software, or trialware is useful?

OWASP DevSlop
    Module
    Nicole Becker
        Pixie - insecure instagram
“Betty Coin”
SSLlabs - Qualys

Mentoring Monday:
    What is “Mentoring Monday”?
    What does it take to be a good mentor?
    Should a mentee have a goal in mind?
        Something other than “I want to be just like you”?
    Do you assist in creating the relationship?
        What if they don’t meld?
        Are there any restrictions?
    Any place in someone’s career?
    How do you apply?
    Advocating -

Leading Cyber Ladies: https://twitter.com/LadiesCyber
WoSec International - https://twitter.com/WoSECtweets
    19 Chapters worldwide
        Africa, No. America, Europe
    Goal? (hacker workshops)
    Submitting talks at cons
    Outreaching (how would people get involved)
    Mentorship involved in this?

Global AppSec

Videos on youtube:
    OWASP DevSlop: https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A
Blog Site: https://dev.to/shehackspurple
Jun 18, 2019 • 41min

2019-023-Tanya Janca, Dev Slop, DevOps tools for free or cheap

Announcements:
InfoSec Campout Conference (Eventbrite, social contract, etc): https://www.infoseccampout.com
All Day Devops (https://www.alldaydevops.com) free talks online... Next conference starts 06 November 2019
------
Tanya Janca (@shehackspurple)
@wosectweets - Women of Security

DevOps Tools for free/cheap.
    They are all on github right, so they are all free?
    Python, Docker, k8s, Jenkins
    Licensing can be a problem
    Free-mium software, or trialware is useful?

OWASP DevSlop
    Module
    Nicole Becker
        Pixie - insecure instagram
“Betty Coin”
SSLlabs - Qualys

Mentoring Monday:
    What is “Mentoring Monday”?
    What does it take to be a good mentor?
    Should a mentee have a goal in mind?
        Something other than “I want to be just like you”?
    Do you assist in creating the relationship?
        What if they don’t meld?
        Are there any restrictions?
    Any place in someone’s career?
    How do you apply?
    Advocating and being a good ally

Leading Cyber Ladies: https://twitter.com/LadiesCyber
WoSec International - https://twitter.com/WoSECtweets
    19 Chapters worldwide
        Africa, No. America, Europe
    Goal? (hacker workshops)
    Submitting talks at cons
    Outreaching (how would people get involved)
    Mentorship involved in this?

Global AppSec

Videos on youtube:
    OWASP DevSlop: https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A
Blog Site: https://dev.to/shehackspurple
Jun 9, 2019 • 1h 1min

2019-022-Chris Sanders-Rural_Tech_Fund-embracing_the_ATT&CK_Matrix

ANNOUNCEMENTS: INFOSEC CAMPOUT TICKETS ARE STILL ON SALE. Go to https://www.infoseccampout.com for Eventbrite link and more information.

Part 2 of our Discussion with Chris Sanders (@chrissanders88)
Topics discussed:
Companies dropping existing frameworks for ATT&CK Matrix, why?
Rural Technology Fund - What it is, how does it work, Who can help make it more awesome.

https://chrissanders.org/2019/05/infosec-mental-models/

I’ve argued for some time that information security is in a growing state of cognitive crisis…

Demand outweighs supply
Because so many organizations need experience, they are unable to appropriately invest in entry-level jobs and devote the necessary time for internal training.
That’s an HR and hiring manager issue, right? --brbr
No. --bboettcher

Information cannot be validated or trusted
    There are few authoritative sources of knowledge about critical components and procedures.

Large systemic issues persist with no ability to tackle them in a large, mobilized, or strategic manner.
    The industry is unable to organize or widely combat the biggest issues they face.
    Groups of individuals, everyone thinking they have the ‘right answer’, just like linux flavors --brbr

https://www.fireeye.com/blog/threat-research/2015/06/caching_out_the_val.html
https://www.helpnetsecurity.com/2018/07/10/windows-shimcache-threat-hunting/

Dependence on tools: http://traffic.libsyn.com/brakeingsecurity/2016-006-Moxie_vs_Mechanism-dependence_on_tools.mp3

https://en.wikipedia.org/wiki/Cognitive_revolution
https://buzzmachine.com/2019/04/25/a-crisis-of-cognition/

How do we solve it?

We must thoroughly understand the processes used to draw conclusions. S.M.A.R.T.?
Experts must develop repeatable, teachable methods and techniques.
Educators must build and advocate pedagogy that teaches practitioners how to think.
https://www.maximumfun.org/shows/sawbones - sawbones podcast (amanda mentioned)

Mental Model?
    We use them all the time? Gotta simplify the complex...
    Distribution and the Bell Curve
    Operant Conditioning https://www.latimes.com/science/la-sci-emotional-stereotypes-about-women-20190530-story.html
    The Scientific Method

Applied Models
    13 Organ Systems
    4 Vital Signs
    10 Point Pain scale
Defense in Depth
OSI model
Investigation Process

https://en.wikipedia.org/wiki/Inductive_reasoning

Model Desperation
    Companies dumping existing models and embracing something else

The problem is that we’re model hungry and we’ll rapidly use and abuse any reasonable model that presents itself. Ultimately, we want good models because we want a robust toolbox. But, not everything is a job for a hammer and we don’t need fourteen circular saws.

What makes a good model?
Simple
Useful
Imperfect? (wuh?)-brbr

Creating models
    Begins by asking a question… (what is the weather going to look like tomorrow? --brbr)
        What defines the sandwich? (kind of like “https://en.wikipedia.org/wiki/Theory_of_forms” --brbr)

Discuss the Rural Tech Fund
https://twitter.com/RuralTechFund
https://ruraltechfund.org/
Practical Threat Hunting - https://twitter.com/chrissanders88/status/1133388347194454018
Practical Packet Analysis - https://nostarch.com/packetanalysis3

Suggesting books:
https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555
https://www.amazon.com/Undoing-Project-Friendship-Changed-Minds/dp/0393354776
More references on Chris’ site https://chrissanders.org/2019/05/infosec-mental-models/

Book Club
Cult of the dead cow - June
Tribe of Hackers - July
The Mastermind - August
The Cuckoo’s Egg - September
Jun 4, 2019 • 48min

2019-021-Chris Sanders discusses a cognitive crisis, mental models, and dependence on tools

https://chrissanders.org/2019/05/infosec-mental-models/

I’ve argued for some time that information security is in a growing state of cognitive crisis…

Demand outweighs supply
Because so many organizations need experience, they are unable to appropriately invest in entry-level jobs and devote the necessary time for internal training.
That’s an HR and hiring manager issue, right? --brbr
No. --bboettcher

Information cannot be validated or trusted
    There are few authoritative sources of knowledge about critical components and procedures.

Large systemic issues persist with no ability to tackle them in a large, mobilized, or strategic manner.
    The industry is unable to organize or widely combat the biggest issues they face.
    Groups of individuals, everyone thinking they have the ‘right answer’, just like linux flavors --brbr

https://www.fireeye.com/blog/threat-research/2015/06/caching_out_the_val.html
https://www.helpnetsecurity.com/2018/07/10/windows-shimcache-threat-hunting/

Dependence on tools: http://traffic.libsyn.com/brakeingsecurity/2016-006-Moxie_vs_Mechanism-dependence_on_tools.mp3

https://en.wikipedia.org/wiki/Cognitive_revolution
https://buzzmachine.com/2019/04/25/a-crisis-of-cognition/

How do we solve it?

We must thoroughly understand the processes used to draw conclusions. S.M.A.R.T.?
Experts must develop repeatable, teachable methods and techniques.
Educators must build and advocate pedagogy that teaches practitioners how to think.
https://www.maximumfun.org/shows/sawbones - sawbones podcast (amanda mentioned)

Mental Model?
    We use them all the time? Gotta simplify the complex...
    Distribution and the Bell Curve
    Operant Conditioning https://www.latimes.com/science/la-sci-emotional-stereotypes-about-women-20190530-story.html
    The Scientific Method

Applied Models
    13 Organ Systems
    4 Vital Signs
    10 Point Pain scale
Defense in Depth
OSI model
Investigation Process

https://en.wikipedia.org/wiki/Inductive_reasoning

Model Desperation
    Companies dumping existing models and embracing something else

The problem is that we’re model hungry and we’ll rapidly use and abuse any reasonable model that presents itself. Ultimately, we want good models because we want a robust toolbox. But, not everything is a job for a hammer and we don’t need fourteen circular saws.

What makes a good model?
Simple
Useful
Imperfect? (wuh?)-brbr

Creating models
    Begins by asking a question… (what is the weather going to look like tomorrow? --brbr)
        What defines the sandwich? (kind of like “https://en.wikipedia.org/wiki/Theory_of_forms” --brbr)

Discuss the Rural Tech Fund
https://twitter.com/RuralTechFund
https://ruraltechfund.org/
Practical Threat Hunting - https://twitter.com/chrissanders88/status/1133388347194454018
Practical Packet Analysis - https://nostarch.com/packetanalysis3

Suggesting books:
https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555
https://www.amazon.com/Undoing-Project-Friendship-Changed-Minds/dp/0393354776
More references on Chris’ site https://chrissanders.org/2019/05/infosec-mental-models/

Book Club
Cult of the dead cow - June
Tribe of Hackers - July
The Mastermind - August
The Cuckoo’s Egg - September
May 29, 2019 • 1h 3min

2019-020-email_security_controls-windows_scheduler

Bryan got phished (almost) - story time!

https://isc.sans.edu/forums/diary/Do+you+block+new+domain+names/17564/

Through OpenDNS https://learn-umbrella.cisco.com/product-videos/newly-seen-domains-in-cisco-umbrella
Available January 2017, Umbrella filters newly seen or created domains. By using new domains to host malware and other threats, attackers can outsmart security systems that rely on reputation scores or possibly outdated block lists. Umbrella now stops these domains before they even load.

Also “unknown” category? pros/cons

Good filter time for domains?

Amanda: windows logging issues well…. FUCKING EVERYTHING CREATES TASKS IN SCHEDULER

https://www.microsoft.com/en-us/windowsforbusiness/windows-atp

Breach news:

https://www.dutchnews.nl/news/2019/05/hackers-steal-key-info-about-home-hunters-from-housing-agency/
FTA: The hackers now have their name, address, contact information and copies of their passport or ID card, which includes their personal identification number, or BSN. This is sufficient to allow the hackers to open bank accounts or take out loans by using other people’s identity.

https://www.bleepingcomputer.com/news/security/over-757k-fraudulently-obtained-ipv4-addresses-revoked-by-arin/
Mostly colos, data centers, ‘aaS’ providers
Many in the Mid-West

Book Club
Cult of the dead cow - June
Tribe of Hackers - July
The Mastermind - August
The Cuckoo’s Egg - September

https://www.infoseccampout.com
EventBrite Link: https://www.eventbrite.com/e/infosec-campout-tickets-61915087694
May 20, 2019 • 53min

2019-019-Securing your RDP and ElasticSearch, InfoSec Campout news

https://static1.squarespace.com/static/556340ece4b0869396f21099/t/5cc9ff79c830253749527277/1556742010186/Red+Team+Practice+Lead.pdf
https://www.reddit.com/r/netsec/comments/bonwil/prevent_a_worm_by_updating_remote_desktop/

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
https://security.berkeley.edu/resources/best-practices-how-articles/system-application-security/securing-remote-desktop-rdp-system
https://www.bleepingcomputer.com/news/security/unsecured-survey-database-exposes-info-of-8-million-people/
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html
https://www.elastic.co/blog/found-elasticsearch-security
https://dzone.com/articles/securing-your-elasticsearch-cluster-properly

Auth is possible, using reverse proxy… this is basic auth :(
https://github.com/Asquera/elasticsearch-http-basic

Here’s one that uses basic auth and LDAP: https://mapr.com/blog/how-secure-elasticsearch-and-kibana/
2fa setup: https://www.elastic.co/guide/en/cloud/current/ec-account-security.html
May 14, 2019 • 40min

2019-018-Lesson's I learned, github breach, ransoming github repos

Things I learned this week:

https://www.securusglobal.com/community/2013/12/20/dumping-windows-credentials/
https://www.helpnetsecurity.com/2019/04/29/docker-hub-breach/

https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/
https://attack.mitre.org/techniques/T1003/
https://github.com/giMini/PowerMemory

https://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service

https://attack.mitre.org/techniques/T1208/
