Today webinar is interesting. It covers 4 demos, and some interesting pentest methodologies on Windows server infrastructure.
From introducing the Cyber killchain and how NTLM protocol works, a quick demo shows how a hacker can use "pass the hash" technique to compromise from local to domain admin.
Then follow by using "pass the ticket" technique to leverage Kerberos to steal identity/ticket.
Next, the webinar shows how can we protect LSASS memory by introducing "Credential Guard".
Last, there is a demo on a techniques to maintain persistence in a Windows system with a Windows Hello, a not so common technique that used by advanced hackers.
Great presentation.