...
- Mark to send out a strawman endorsement statement that the group will iterate on in email.
- Brian to clarify whether one can tell the difference between NTLM v1 and v2 in the logs.
- David to draft an alternative means statement about NTLMv2 and RC4/HMAC.
- Ron to draft a statement about client caching of credentials.
- Ron will look into whether SysKey uses approved algorithms.
Notes
Alternative Means: Monitor and Mitigate
For those with a different case, this provides enough of a template that others can use to address their own use case. Chicago to submit it, endorsed by those on the AD-Assurance call that approved it (and others that follow suit on email). AI - Mark to send out a strawman endorsement statement that the group will iterate on in email. Ron will then add this statement to his proposal and send to the AAC.
Next Steps on Cookbook
Eric's proposal
...