Build Conference 2015 and Significance of Windows 10

I really wanted to make this post in time for the Build 2015 Conference that opens tomorrow in San Francisco. Windows 10 will be in the spotlight. Why is Windows 10 important? For me it is not about the new UI features and the return of the Start menu. It is all about the security improvements.

I’ve helped numerous friends and family members over the years to deal with various types of malware. It made me learn several fascinating subjects in the area of cyber security. Windows 10 seems to be closing many of the security vulnerabilities and some of the well-known attack vectors. One of my FB friends got her PC user files fully encrypted by malware a couple of weeks ago. Someone on FB went as far as to suggest using Linux. I wanted to see for myself what was done in the latest Windows builds to mitigate the attacks. I spent a couple of weeks hammering on what I could find (it included the latest Windows 10 and 8.1 builds) using some well-known hacking tools.

I would strongly recommend that anyone on older versions of Windows upgrade if you care about security. For example, in-memory credential theft using tools like mimikatz by the total genius Benjamin Delpy is no longer possible unless you explicitly enable legacy providers on your PC. Windows 7 and even Windows Server 2012 (non-R2) still have the in-memory credentials vulnerability. The one vector that still worked on Windows 10 was PTH (pass-the-hash). I explored this scenario in depth. The scary part was that in one of the scenarios I tried, I reset the password of the test account I had used in the session I took over, but the token from a week-old session still worked and allowed me to access resources available to that account. This last attack requires administrator privilege, though. If someone gets privilege elevation and admin access, it is pretty much over for the local machine anyway.

I’m sure there will be PTH defenses for networked environments, and I will make another post when I have done more research on this subject. The PTH threat is still out there, but at least Windows 10 and the latest builds of 8.1 make your credentials much safer. If you run Windows 10, you will at least send the script kiddies elsewhere to practice their hacking skills.
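The "legacy providers" mentioned above are, I assume, the WDigest security support provider, which is what keeps a plaintext copy of logon credentials in LSASS memory on older Windows versions. The script below is an added example written for this post, not something from the original article or from any tool it mentions: it audits whether WDigest credential caching is enabled on the local machine and can switch it off. The registry path and the `UseLogonCredential` value are the ones Microsoft documents for this setting; the interpretation of a missing value as "OS default" is stated in the comments and should be verified against the build you are running.

```powershell
# Added example (not from the original post): audit and harden the WDigest
# "legacy provider" setting that allows plaintext credentials to sit in LSASS
# memory. Assumes "legacy providers" in the post refers to WDigest.
# Registry location and value name per Microsoft's KB2871997 guidance.
$WDigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$ValueName  = 'UseLogonCredential'

function Get-WDigestCredentialCaching {
    # Reads the current value (or $null if it is not set) and explains it.
    $item  = Get-ItemProperty -Path $WDigestKey -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$ValueName } else { $null }

    $state = switch ($value) {
        1       { 'ENABLED  - plaintext credentials are cached in LSASS (in-memory theft possible)' }
        0       { 'DISABLED - WDigest will not keep plaintext credentials in memory' }
        default { 'NOT SET  - OS default applies (disabled on Windows 8.1/2012 R2 and later; set it to 0 explicitly on older builds)' }
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Key      = $WDigestKey
        Value    = $value
        State    = $state
    }
}

function Disable-WDigestCredentialCaching {
    # Explicitly sets UseLogonCredential = 0. Requires an elevated shell.
    # -Force overwrites an existing value; the key exists on all supported builds.
    if (-not (Test-Path $WDigestKey)) {
        New-Item -Path $WDigestKey -Force | Out-Null
    }
    New-ItemProperty -Path $WDigestKey -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
    # Note: LSASS reads this value at logon; sessions already established keep
    # whatever was cached until the user logs off or the machine reboots.
    Get-WDigestCredentialCaching
}

# Usage:
#   Get-WDigestCredentialCaching           # report only
#   Disable-WDigestCredentialCaching       # harden (run as Administrator)
Get-WDigestCredentialCaching | Format-List
```

Run the audit first; if it reports `ENABLED`, something or someone has explicitly turned the legacy provider back on, which is worth investigating before simply flipping it off. The hardening function only writes the single documented value and does not touch anything else under `SecurityProviders`.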

This entry was posted in Computers and Internet.
